Windows Analysis Report
ZipThis.exe

Overview

General Information

Sample name: ZipThis.exe
Analysis ID: 1586192
MD5: 22a6cb7348b496600e7151a8112cbac9
SHA1: f0cd50658868a3d347beff6977a54520c19ab640
SHA256: bf2f238d09ac55e7baf3d73c80c82d3df935daa6b94adf67a299ad3665e879e2

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 49
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Loading BitLocker PowerShell Module
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (STR)
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64_ra
  • ZipThis.exe (PID: 6920 cmdline: "C:\Users\user\Desktop\ZipThis.exe" MD5: 22A6CB7348B496600E7151A8112CBAC9)
    • powershell.exe (PID: 6148 cmdline: "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • chrome.exe (PID: 5188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 5924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1992,i,15463440433173817224,3086299219128565272,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • ZipThisApp.exe (PID: 6288 cmdline: "C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe" MD5: 9AF46426A5C164310DDD6FB6E77D78C2)
  • svchost.exe (PID: 6184 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • rundll32.exe (PID: 3828 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • Updater.exe (PID: 704 cmdline: "C:\Users\user\AppData\Local\ZipThis\Updater.exe" MD5: 8F3972F98564FC9D1E3E5A3840A0DA85)
  • ZipThisApp.exe (PID: 1472 cmdline: "C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe" MD5: 9AF46426A5C164310DDD6FB6E77D78C2)
  • Updater.exe (PID: 3748 cmdline: "C:\Users\user\AppData\Local\ZipThis\Updater.exe" MD5: 8F3972F98564FC9D1E3E5A3840A0DA85)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1", CommandLine: "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ZipThis.exe", ParentImage: C:\Users\user\Desktop\ZipThis.exe, ParentProcessId: 6920, ParentProcessName: ZipThis.exe, ProcessCommandLine: "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1", ProcessId: 6148, ProcessName: powershell.exe
Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 660, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6184, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: ZipThis.exe, ReversingLabs: Detection: 26%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 95.0% probability
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\Uninstall.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\Updater.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: powershell.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe

Compliance

Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\Uninstall.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\Updater.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: powershell.exe
Source: C:\Users\user\Desktop\ZipThis.exe, EXE: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
Source: C:\Users\user\Desktop\ZipThis.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZipThis
Source: ZipThis.exe, Static PE information: certificate valid
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 5.161.105.73:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 5.161.105.73:443 -> 192.168.2.17:49739 version: TLS 1.2
Source: ZipThis.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe, Code function: 18_2_00007FFA2E8BA360 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,18_2_00007FFA2E8BA360
Source: chrome.exe, Memory has grown: Private usage: 2MB later: 23MB
Source: global traffic, HTTP traffic detected: POST /v6 HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: apb.thisilient.com | Content-Length: 88 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: POST /v6 HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: apb.thisilient.com | Content-Length: 88 | Expect: 100-continue
Source: global traffic, HTTP traffic detected: GET /st HTTP/1.1 | X-Event-Type: conversion | Host: sts.thisilient.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: POST /r HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: can.thisilient.com | Content-Length: 708 | Expect: 100-continue | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: POST /r HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: can.thisilient.com | Content-Length: 148 | Expect: 100-continue | Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 151.101.1.229
Source: Joe Sandbox View, IP Address: 104.18.10.207
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /success?u=6452faac-14b2-4f85-a1a3-5968697ad833 HTTP/1.1 | Host: www.zipthisapp.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /assets/css/main.css HTTP/1.1 | Host: www.zipthisapp.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /assets/images/256px.png HTTP/1.1 | Host: www.zipthisapp.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1 | Host: stackpath.bootstrapcdn.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://www.zipthisapp.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /ajax/libs/normalize/8.0.1/normalize.min.css HTTP/1.1 | Host: cdnjs.cloudflare.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://www.zipthisapp.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /jquery-3.5.1.slim.min.js HTTP/1.1 | Host: code.jquery.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://www.zipthisapp.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /npm/@popperjs/core@2.5.2/dist/umd/popper.min.js HTTP/1.1 | Host: cdn.jsdelivr.net | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://www.zipthisapp.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1 | Host: stackpath.bootstrapcdn.com | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://www.zipthisapp.com/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /update/download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0Authorization: jwe eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6ImZDUXFqNGpnaGs5ZGx2U3QiLCJ0YWciOiJaeHNIUFZvMnRxa3l4UGxOZHhRSGNBIiwiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.vlI_W-_KmzJRvg-CJZZuCPVAHu-2owT_cQUP3ajek_voeZ8u-UgkH8P9ZXthzgMSBC2Q6ZqqQFGlS3MrnjXfmA.H8dzYBOzDfp9VV2qQ22zoQ.OtiWjUNnIY_MSvDJYVdmsIAgbwkS_vB5KheeYhks_PxB0fPizUvTC4tkPwX4D7J1Lhx8xOoRE3edkMGIBUGtex6A0jLVZbvGlTyxIufndTWukb6xOusbx2mSJywo2WTW1UtsUAHGvivmOCL1fEmJ0wJey-Ww__nGWY3WV-0iOWmzHzzzxX_53-0egfZy4vGP8vhHWxJYuMrDY_2sBXHH_g3vtgpj4P9DIQeuFzEOxDRAI6JSL4y1Eo2n3OL8DrlxqErqZl1UtOY7gqqQWDBBC9GrI2RkrFqNZTXZhp0qURipL2Rx0ojineljmuQFbkCO.yXUj1Zp0_EycPJi-EcZQWLselY2WKCUMdzd5ABXuU3wAdditional-Args: {"userID": "6452faac-14b2-4f85-a1a3-5968697ad833", "instDate": "2025-01-08 19:17:15"}Host: tzpdld.com
Source: global trafficHTTP traffic detected: GET /update/download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0Authorization: jwe eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6Ik1scERsUDVLblJyU3hGNHAiLCJ0YWciOiJkcTVuMUlhX1JjY2hMNHY1OVQwMGVRIiwiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.Z4Ed74sxPrjG77k3a1TA5z7aZGd8rWAJXEOpveBea8YFpotdn5mPiJYDychllGw4CgExIxqdTaMsCMgOYn9Blg.Bpg30ehPEMRc5q-KiKwxGQ.yY28ELzL6b2iRUegg189GzOo1VcaY4aXzL1oF77CCBPZSXmT5qQcuBOVktiZ1oeVTvCVcFUU3KaJH_zs1GbHLusi_5_UcDSJPRVPSfcR-ng5Gz1C7MoqfGmHI7-ElV0y3N9WmhUvDVCeWqUedlMsl2MRv65JX5RDCPET9IwBXBMFNP175aU286uJC9VpMVRCy8RL_MZ6RSXCBwVFcN6yb8_J7CvjSTZr16SLxVKwwe6ZO7BVi5syOc_8-SopIwOeOhx2hE6NjlVGsP21EGANpOeCeJmQoU4TpjnTEManxnpODkOBME8pMy2iMzWwEs8f.-rvLNPXRiYhOrWU_MZSQrioMlO66o8kwTqyOmkV_mVsAdditional-Args: {"userID": "6452faac-14b2-4f85-a1a3-5968697ad833", "instDate": "2025-01-08 19:17:15"}Host: tzpdld.com
Source: global traffic, DNS traffic detected: DNS query: apb.thisilient.com
Source: global traffic, DNS traffic detected: DNS query: sts.thisilient.com
Source: global traffic, DNS traffic detected: DNS query: can.thisilient.com
Source: global traffic, DNS traffic detected: DNS query: www.zipthisapp.com
Source: global traffic, DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic, DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic, DNS traffic detected: DNS query: code.jquery.com
Source: global traffic, DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic, DNS traffic detected: DNS query: tzpdld.com
Source: unknown, HTTP traffic detected: POST /v6 HTTP/1.1 | Content-Type: text/plain; charset=utf-8 | Host: apb.thisilient.com | Content-Length: 88 | Expect: 100-continue | Connection: Keep-Alive
Source: chrome.exe, 0000000C.00000002.1463641605.00005CB4009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 0000000C.00000002.1463641605.00005CB4009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1463641605.00005CB4009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 0000000C.00000002.1463641605.00005CB4009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007(
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 0000000C.00000002.1463293072.00005CB4009A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1463641605.00005CB4009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 0000000C.00000002.1463293072.00005CB4009A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1461402734.00005CB4008C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 0000000C.00000002.1461402734.00005CB4008C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876Jz
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/69535
Source: chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/72791
Source: chrome.exe, 0000000C.00000002.1463293072.00005CB4009A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/77243
Source: chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 0000000C.00000002.1463641605.00005CB4009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
Source: ZipThis.exe, ZipThisApp.exe.1.dr, Updater.exe.1.dr, Uninstall.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: ZipThis.exe, ZipThisApp.exe.1.dr, Updater.exe.1.dr, Uninstall.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: ZipThis.exe, ZipThisApp.exe.1.dr, Updater.exe.1.dr, Uninstall.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00239000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://can.thisilient.com
Source: ZipThis.exe, ZipThisApp.exe.1.dr, Updater.exe.1.dr, Uninstall.exe.1.drString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: ZipThis.exe, ZipThisApp.exe.1.dr, Updater.exe.1.dr, Uninstall.exe.1.drString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0$
Source: ZipThis.exe, ZipThisApp.exe.1.dr, Updater.exe.1.dr, Uninstall.exe.1.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Updater.exe, 00000012.00000002.1711914137.000001F6D29F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v
Source: svchost.exe, 00000005.00000002.2399427242.000002B246800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: ZipThis.exe, ZipThisApp.exe.1.dr, Updater.exe.1.dr, Uninstall.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: ZipThis.exe, ZipThisApp.exe.1.dr, Updater.exe.1.dr, Uninstall.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: ZipThis.exe, ZipThisApp.exe.1.dr, Updater.exe.1.dr, Uninstall.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: chrome.exe, 0000000C.00000002.1473075157.00005CB400E9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1467933664.00005CB400C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1467933664.00005CB400C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1467933664.00005CB400C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000C.00000003.1377500686.00005CB400EB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 0000000C.00000002.1454274596.00005CB4003C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 0000000C.00000002.1454274596.00005CB4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1378866147.00005CB400EB5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1377500686.00005CB400EB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 0000000C.00000003.1378866147.00005CB400EB5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1377500686.00005CB400EB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabq
Source: chrome.exe, 0000000C.00000003.1378866147.00005CB400EB5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1377500686.00005CB400EB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
Source: chrome.exe, 0000000C.00000002.1454274596.00005CB4003C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 0000000C.00000003.1399230233.00005CB4011BE000.00000004.00000800.00020000.00000000.sdmp, chromecache_100.13.drString found in binary or memory: https://fonts.googleapis.com/css2?family=DM
Source: chromecache_96.13.drString found in binary or memory: https://fonts.gstatic.com/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K4.woff2)
Source: chromecache_96.13.drString found in binary or memory: https://fonts.gstatic.com/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu6-K6h9Q.woff2)
Source: edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000005.00000003.1202748351.000002B246550000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2/C:
Source: chromecache_102.13.drString found in binary or memory: https://getbootstrap.com/)
Source: powershell.exe, 00000003.00000002.1244675831.0000026BA05D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: ZipThis.exeString found in binary or memory: https://github.com/rsms/inter)
Source: chromecache_102.13.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: powershell.exe, 00000003.00000002.1244675831.0000026BA23AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: chrome.exe, 0000000C.00000002.1445706227.000042F400930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 0000000C.00000003.1355208455.000042F40071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 0000000C.00000002.1445706227.000042F400930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 0000000C.00000003.1355208455.000042F40071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 0000000C.00000003.1357597505.000042F400878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 0000000C.00000003.1355208455.000042F40071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: chrome.exe, 0000000C.00000002.1461285790.00005CB4008B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 0000000C.00000003.1360648331.000042F400904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 0000000C.00000003.1360648331.000042F400904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 0000000C.00000003.1355208455.000042F40071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 0000000C.00000002.1441423658.000042F400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardB
Source: chrome.exe, 0000000C.00000003.1355208455.000042F40071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 0000000C.00000003.1360648331.000042F400904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 0000000C.00000003.1360648331.000042F400904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 0000000C.00000003.1357597505.000042F400878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 0000000C.00000003.1355208455.000042F40071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 0000000C.00000002.1445382879.000042F400918000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 0000000C.00000002.1445382879.000042F400918000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 0000000C.00000002.1445382879.000042F400918000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 0000000C.00000003.1405400837.00005CB4007BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: powershell.exe, 00000003.00000002.1270173219.0000026BB0422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: chrome.exe, 0000000C.00000003.1417995931.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407333524.00005CB4003B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407177716.00005CB4003B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1406815180.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1414448856.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: ZipThis.exe, 00000001.00000002.1407236132.0000022F1A022000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rsms.me/
Source: chrome.exe, 0000000C.00000002.1448544822.00005CB400088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1461285790.00005CB4008B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 0000000C.00000002.1461285790.00005CB4008B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 0000000C.00000003.1398063463.00005CB400284000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
Source: chromecache_95.13.drString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
Source: chromecache_95.13.drString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00638000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sts.thisilPZ
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F0067C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sts.thisilie
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00638000.00000004.00000800.00020000.00000000.sdmp, ZipThis.exe, 00000001.00000002.1389039393.0000022F00239000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sts.thisilient.com
Source: ZipThis.exeString found in binary or memory: https://sts.thisilient.com/st
Source: chrome.exe, 0000000C.00000003.1399507394.00005CB400CC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
Source: Updater.exe, 00000012.00000002.1713657901.000001F6D2BAF000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000012.00000002.1713657901.000001F6D2BEA000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 0000001D.00000002.2075847602.000001F88270F000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 0000001D.00000002.2075847602.000001F88274A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tzpdld.com
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F0046F000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000012.00000002.1713657901.000001F6D2B11000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000012.00000002.1711237531.000001F6D110A000.00000002.00000001.01000000.00000016.sdmp, Updater.exe, 0000001D.00000002.2075847602.000001F882671000.00000004.00000800.00020000.00000000.sdmp, Updater.dll.1.drString found in binary or memory: https://tzpdld.com/update/auth
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F0046F000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000012.00000002.1713657901.000001F6D2BEA000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000012.00000002.1711237531.000001F6D110A000.00000002.00000001.01000000.00000016.sdmp, Updater.exe, 0000001D.00000002.2075847602.000001F88274A000.00000004.00000800.00020000.00000000.sdmp, Updater.dll.1.drString found in binary or memory: https://tzpdld.com/update/download
Source: ZipThis.exe, ZipThisApp.exe.1.dr, Updater.exe.1.dr, Uninstall.exe.1.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: chrome.exe, 0000000C.00000003.1398063463.00005CB400284000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 0000000C.00000003.1416232959.00005CB40072C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1398063463.00005CB400284000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 0000000C.00000003.1398063463.00005CB400284000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
Source: chrome.exe, 0000000C.00000003.1377240859.00005CB400F80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: chrome.exe, 0000000C.00000002.1454274596.00005CB4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1462140411.00005CB400910000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 0000000C.00000003.1417995931.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407333524.00005CB4003B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407177716.00005CB4003B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1406815180.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1414448856.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 0000000C.00000003.1417995931.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407333524.00005CB4003B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407177716.00005CB4003B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1406815180.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1414448856.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 0000000C.00000003.1417995931.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407333524.00005CB4003B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407177716.00005CB4003B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1406815180.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1414448856.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 0000000C.00000003.1417995931.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407333524.00005CB4003B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1407177716.00005CB4003B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1406815180.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1414448856.00005CB4003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 0000000C.00000003.1398063463.00005CB400284000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
Source: chromecache_95.13.drString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chrome.exe, 0000000C.00000002.1473592345.00005CB400EFF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-WDH55T65
Source: chrome.exe, 0000000C.00000003.1398063463.00005CB400284000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
Source: ZipThis.exe, 00000001.00000002.1407236132.0000022F1A022000.00000004.00000800.00020000.00000000.sdmp, ZipThisApp.exe, 0000001C.00000002.1977422293.0000028B33DA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.indiantypefoundry.com
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1378866147.00005CB400EB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 0000000C.00000003.1378866147.00005CB400EB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytcaValidator
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/legal
Source: ZipThis.exeString found in binary or memory: https://www.zipthisapp.com/legal?
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/policy
Source: ZipThis.exeString found in binary or memory: https://www.zipthisapp.com/policy?
Source: ZipThis.exe, Uninstall.exe.1.drString found in binary or memory: https://www.zipthisapp.com/see-you-later
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00638000.00000004.00000800.00020000.00000000.sdmp, ZipThis.exe, 00000001.00000002.1389039393.0000022F00239000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=
Source: chrome.exe, 0000000C.00000002.1443367226.000042F4002ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-596
Source: chrome.exe, 0000000C.00000003.1420908270.00005CB40103D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1417809621.00005CB401128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833
Source: chrome.exe, 0000000C.00000002.1468833205.00005CB400CB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad8330(x
Source: chrome.exe, 0000000C.00000002.1460499845.00005CB400870000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad83335
Source: ZipThis.exe, 00000001.00000002.1429917089.0000022F7F984000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833=X
Source: chrome.exe, 0000000C.00000002.1435824453.00000251F4650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833C:
Source: chrome.exe, 0000000C.00000002.1426861136.0000021C00238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1441423658.000042F400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833PSModulePath=C:
Source: chrome.exe, 0000000C.00000003.1417809621.00005CB401128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833Zip
Source: chrome.exe, 0000000C.00000003.1386120216.00005CB4011B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833_id
Source: chrome.exe, 0000000C.00000002.1467110211.00005CB400BB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833_page.html
Source: chrome.exe, 0000000C.00000002.1441423658.000042F400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833about
Source: ZipThis.exeString found in binary or memory: https://www.zipthisapp.com/success?u=wSoftware
Source: chrome.exe, 0000000C.00000003.1399507394.00005CB400CC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.com:443
Source: chrome.exe, 0000000C.00000002.1478003091.00005CB4010B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zipthisapp.comgjdpnpccoofpliimaahmaaome
Source: chrome.exe, 0000000C.00000002.1479598902.00005CB4011BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1479713249.00005CB4011C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zipthisapp.com/
Source: chrome.exe, 0000000C.00000002.1473592345.00005CB400EFF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zipthisapp.com/https://www.googletagmanager.com/gtm.js?id=GTM-WDH55T65
Source: chrome.exe, 0000000C.00000002.1468094151.00005CB400C54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zipthisapp.com/ta
Source: unknown HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.17:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.161.105.73:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 45.33.84.9:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 5.161.105.73:443 -> 192.168.2.17:49739 version: TLS 1.2
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Code function: String function: 00007FF9CD281C40 appears 48 times
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Code function: String function: 00007FF9CD251C40 appears 47 times
Source: ZipThisApp.exe.1.dr Static PE information: No import functions for PE file found
Source: Uninstall.exe.1.dr Static PE information: No import functions for PE file found
Source: Updater.exe.1.dr Static PE information: No import functions for PE file found
Source: Libs.dll.1.dr Static PE information: No import functions for PE file found
Source: ZipThis.exe Static PE information: No import functions for PE file found
Source: ZipThis.exe, 00000001.00000000.1139667476.0000022F7B342000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameZipThisApp.exe6 vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000000.1139667476.0000022F7B342000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameUninstall.exe4 vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00402000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140_2.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00402000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140_atomic_wait.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F0033F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameconcrt140.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F0033F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLibs.dll4 vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameVCAMP140.DLLT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevccorlib140.DLLT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameVCOMP140.DLLT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F0049D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUpdater.exe0 vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F005A3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameZipThisApp.exe6 vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F005A3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUninstall.exe4 vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F003AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F003AF000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140_1.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00398000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLibs.dll4 vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00580000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_threads.dllT vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F0046F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUpdater.exe0 vs ZipThis.exe
Source: ZipThis.exe, 00000001.00000002.1389039393.0000022F0044C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamemsvcp140_codecvt_ids.dllT vs ZipThis.exe
Source: ZipThis.exe Binary or memory string: OriginalFilenameZipThisApp.exe6 vs ZipThis.exe
Source: ZipThis.exe Binary or memory string: OriginalFilenameUninstall.exe4 vs ZipThis.exe
Source: ZipThis.exe, ProcessPathFinder.cs Base64 encoded string: 'QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXGNocm9tZS5leGU=', 'QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXGNocm9tZS5leGU='
Source: Uninstall.exe.1.dr, AppRemover.cs Base64 encoded string: 'QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXGNocm9tZS5leGU=', 'QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXGNocm9tZS5leGU='
Source: classification engine Classification label: mal42.evad.winEXE@23/48@14/9
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Code function: 18_2_00007FFA2E8BA7F0 GetDiskFreeSpaceExW,_invalid_parameter_noinfo_noreturn,18_2_00007FFA2E8BA7F0
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6188:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pd5ey0s1.i0m.ps1
Source: ZipThis.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ZipThis.exe Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\ZipThis.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\ZipThis.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: chrome.exe, 0000000C.00000003.1416232959.00005CB400733000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: ZipThis.exe ReversingLabs: Detection: 26%
Source: ZipThis.exe String found in binary or memory: $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 30)
Source: ZipThis.exe String found in binary or memory: $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable -RestartCount 2 -RestartInterval (New-TimeSpan -Minutes 10) -RunOnlyIfNetworkAvailable
Source: ZipThis.exe String found in binary or memory: 2belongings/add_circle.png>belongings/add_circle_white.pngR
Source: ZipThis.exe String found in binary or memory: /Belongings/add_circle.png
Source: ZipThis.exe String found in binary or memory: /Belongings/add_circle_white.png
Source: unknown Process created: C:\Users\user\Desktop\ZipThis.exe "C:\Users\user\Desktop\ZipThis.exe"
Source: C:\Users\user\Desktop\ZipThis.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\ZipThis.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1992,i,15463440433173817224,3086299219128565272,262144 /prefetch:8
Source: C:\Users\user\Desktop\ZipThis.exe Process created: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe "C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe"
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\AppData\Local\ZipThis\Updater.exe "C:\Users\user\AppData\Local\ZipThis\Updater.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe "C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\ZipThis\Updater.exe "C:\Users\user\AppData\Local\ZipThis\Updater.exe"
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: msvcp140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: msctfui.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: d3dcompiler_47.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: rasman.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: scrrun.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, kdscli.dll, ntasn1.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
Source: C:\Windows\System32\svchost.exe; Section loaded: kernel.appcore.dll, qmgr.dll, bitsperf.dll, powrprof.dll, xmllite.dll, firewallapi.dll, esent.dll, umpdc.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, wldp.dll, ntmarta.dll, profapi.dll, flightsettings.dll, policymanager.dll, msvcp110_win.dll, netprofm.dll, npmproxy.dll, bitsigd.dll, upnp.dll, winhttp.dll, ssdpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, appxdeploymentclient.dll, cryptbase.dll, wsmauto.dll, miutils.dll, wsmsvc.dll, dsrole.dll, pcwum.dll, mi.dll, userenv.dll, gpapi.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, ondemandconnroutehelper.dll, msv1_0.dll, ntlmshared.dll, cryptdll.dll, webio.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, rmclient.dll, usermgrcli.dll, execmodelclient.dll, propsys.dll, coremessaging.dll, twinapi.appcore.dll, onecorecommonproxystub.dll, execmodelproxy.dll, resourcepolicyclient.dll, vssapi.dll, vsstrace.dll, samcli.dll, samlib.dll, es.dll, bitsproxy.dll, ondemandconnroutehelper.dll, dhcpcsvc6.dll, dhcpcsvc.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, dpapi.dll, mpr.dll
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe; Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, msvcp140_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, userenv.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, dwmapi.dll, d3d9.dll, d3d10warp.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windowscodecs.dll, wtsapi32.dll, winsta.dll, powrprof.dll, umpdc.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, resourcepolicyclient.dll, dxcore.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, msctfui.dll, uiautomationcore.dll, propsys.dll, d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe; Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, msvcp140.dll, vcruntime140.dll, vcruntime140_1.dll, cryptbase.dll, cryptsp.dll, rsaenh.dll, profapi.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll
Source: C:\Users\user\Desktop\ZipThis.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\InprocServer32
Source: ZipThisApp.lnk.1.dr; LNK file: ..\AppData\Local\ZipThis\ZipThisApp.exe
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\ZipThis.exe; File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\ZipThis.exe; Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZipThis
Source: ZipThis.exe; Static PE information: certificate valid
Source: ZipThis.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: ZipThis.exe; Static PE information: Virtual size of .text is bigger than: 0x100000
Source: ZipThis.exe; Static PE information: Image base 0x140000000 > 0x60000000
Source: ZipThis.exe; Static file information: File size 2820904 > 1048576
Source: ZipThis.exe; Static PE information: Raw size of .text is bigger than: 0x100000 < 0x290400
Source: ZipThis.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: ZipThis.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: Updater.exe, 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp, msvcp140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\vccorlib140.amd64.pdb source: vccorlib140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\vccorlib140.amd64.pdbGCTL source: vccorlib140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: Updater.exe, 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp, msvcp140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_threads.amd64.pdbGCTL source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00580000.00000004.00000800.00020000.00000000.sdmp, vcruntime140_threads.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: ZipThis.exe, 00000001.00000002.1389039393.0000022F003AF000.00000004.00000800.00020000.00000000.sdmp, msvcp140_1.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdbGCTL source: ZipThis.exe, 00000001.00000002.1389039393.0000022F0044C000.00000004.00000800.00020000.00000000.sdmp, msvcp140_codecvt_ids.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: concrt140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdbGCTL source: ZipThis.exe, 00000001.00000002.1389039393.0000022F003AF000.00000004.00000800.00020000.00000000.sdmp, msvcp140_1.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_codecvt_ids.amd64.pdb source: ZipThis.exe, 00000001.00000002.1389039393.0000022F0044C000.00000004.00000800.00020000.00000000.sdmp, msvcp140_codecvt_ids.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00402000.00000004.00000800.00020000.00000000.sdmp, msvcp140_atomic_wait.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp, vcruntime140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00402000.00000004.00000800.00020000.00000000.sdmp, msvcp140_2.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp, vcruntime140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp, Updater.exe, 0000001D.00000002.2085708641.00007FFA56445000.00000002.00000001.01000000.00000019.sdmp, vcruntime140_1.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_threads.amd64.pdb source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00580000.00000004.00000800.00020000.00000000.sdmp, vcruntime140_threads.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdb source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp, vcomp140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdb source: vcamp140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcomp140.amd64.pdbGCTL source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp, vcomp140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdbGCTL source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00402000.00000004.00000800.00020000.00000000.sdmp, msvcp140_atomic_wait.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdbGCTL source: vcamp140.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdbGCTL source: ZipThis.exe, 00000001.00000002.1389039393.0000022F00402000.00000004.00000800.00020000.00000000.sdmp, msvcp140_2.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: ZipThis.exe, 00000001.00000002.1389039393.0000022F004B3000.00000004.00000800.00020000.00000000.sdmp, Updater.exe, 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp, Updater.exe, 0000001D.00000002.2085708641.00007FFA56445000.00000002.00000001.01000000.00000019.sdmp, vcruntime140_1.dll.1.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdbGCTL source: concrt140.dll.1.dr
Source: ZipThis.exe Static PE information: 0xBF47FCA7 [Fri Sep 11 02:59:51 2071 UTC]
Source: Updater.dll.1.dr Static PE information: section name: .nep
Source: vcomp140.dll.1.dr Static PE information: section name: _RDATA
Source: vcruntime140.dll.1.dr Static PE information: section name: fothk
Source: vcruntime140.dll.1.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\ZipThis.exe Code function: 1_2_00007FF9CD282674 push eax; iretd 1_2_00007FF9CD282700
Source: C:\Users\user\Desktop\ZipThis.exe Code function: 1_2_00007FF9CD2826A5 push eax; iretd 1_2_00007FF9CD282700
Source: C:\Users\user\Desktop\ZipThis.exe Code function: 1_2_00007FF9CD277518 push ebx; iretd 1_2_00007FF9CD27753A
Source: C:\Users\user\Desktop\ZipThis.exe Code function: 1_2_00007FF9CD277508 push ebx; iretd 1_2_00007FF9CD27753A
Source: C:\Users\user\Desktop\ZipThis.exe Code function: 1_2_00007FF9CD2774F8 push ebx; iretd 1_2_00007FF9CD27753A
Source: C:\Users\user\Desktop\ZipThis.exe Code function: 1_2_00007FF9CD28271F pushad ; iretd 1_2_00007FF9CD282738
Source: C:\Users\user\Desktop\ZipThis.exe Code function: 1_2_00007FF9CD2701AD push E95E4D4Ch; ret 1_2_00007FF9CD2701C9
Source: C:\Users\user\Desktop\ZipThis.exe Code function: 1_2_00007FF9CD276C41 pushad ; iretd 1_2_00007FF9CD276C42
Source: C:\Users\user\Desktop\ZipThis.exe Code function: 1_2_00007FF9CD2823D5 pushad ; iretd 1_2_00007FF9CD2825F6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD4F46DC push ds; retf 3_2_00007FF9CD4F474F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD4F7BD4 push esi; ret 3_2_00007FF9CD4F7BD7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD650D00 push eax; iretd 3_2_00007FF9CD650D04
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD650CAA push eax; iretd 3_2_00007FF9CD650CAE
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD638B2D pushfd ; ret 3_2_00007FF9CD638B31
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD89475B push es; retf 3_2_00007FF9CD894767
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD89470B push esi; retf 3_2_00007FF9CD894717
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD9FDBBC pushad ; ret 3_2_00007FF9CD9FDBB4
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD9FDB9C pushad ; ret 3_2_00007FF9CD9FDBB4
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD9F9700 pushad ; ret 3_2_00007FF9CD9F9714
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD9FDB4C pushad ; ret 3_2_00007FF9CD9FDBB4
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CDAE960C push ecx; iretd 3_2_00007FF9CDAE961A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CDAE5958 push ebx; retf 3_2_00007FF9CDAE59EA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CDAEA136 push edi; iretd 3_2_00007FF9CDAEA16A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CDAE9869 push edx; iretd 3_2_00007FF9CDAE986A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CDAE9F95 push ebp; iretd 3_2_00007FF9CDAE9FAA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CDAE9B70 push ebx; iretd 3_2_00007FF9CDAE9B7A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CDAE97D5 push edx; iretd 3_2_00007FF9CDAE97EA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CDAE9FC9 push esi; iretd 3_2_00007FF9CDAE9FCA
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Code function: 14_2_00007FF9CD270E2D push E95D57FAh; ret 14_2_00007FF9CD270E59
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Code function: 14_2_00007FF9CD2641C7 push ecx; iretd 14_2_00007FF9CD26431C
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Code function: 14_2_00007FF9CD2601AD push E95E4E4Ch; ret 14_2_00007FF9CD2601C9
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\vcamp140.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\Uninstall.exe
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\vcruntime140_threads.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\msvcp140_2.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\Updater.exe
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\vcruntime140.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\vcruntime140_1.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\concrt140.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\msvcp140.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\vccorlib140.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\Libs.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\msvcp140_codecvt_ids.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\msvcp140_atomic_wait.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\vcomp140.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\Updater.dll
Source: C:\Users\user\Desktop\ZipThis.exe File created: C:\Users\user\AppData\Local\ZipThis\msvcp140_1.dll

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\ZipThis.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\ZipThis.exe Memory allocated: 22F7B920000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\ZipThis.exe Memory allocated: 22F7D470000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Memory allocated: 1E8AB7E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Memory allocated: 1E8C51A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Memory allocated: 1F6D0E10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Memory allocated: 1F6EAB10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Memory allocated: 28B16BB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Memory allocated: 28B30260000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Memory allocated: 1F880D70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Memory allocated: 1F89A670000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\ZipThis.exe Code function: 1_2_00007FF9CD27F1C2 str word ptr [eax+3Ah] 1_2_00007FF9CD27F1C2
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599888
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599777
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599665
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599553
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599426
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599301
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599175
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599051
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598923
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598796
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598684
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598573
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598462
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598350
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598238
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 598111
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597967
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597855
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597744
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597632
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597520
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597392
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597265
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597153
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 597041
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596929
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596817
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596689
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596562
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596450
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596338
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596226
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 596114
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595986
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595858
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595747
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595635
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595523
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595411
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595283
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 595155
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599888
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599777
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599663
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599553
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599427
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Thread delayed: delay time: 599299
Source: C:\Users\user\Desktop\ZipThis.exe Window / User API: threadDelayed 9505
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1427
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8426
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Window / User API: threadDelayed 9428
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Window / User API: threadDelayed 359
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Window / User API: threadDelayed 8392
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Window / User API: threadDelayed 8762
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Window / User API: threadDelayed 1010
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\vcamp140.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\Uninstall.exe
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\vcruntime140_threads.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\msvcp140_2.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\concrt140.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\vccorlib140.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\Libs.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\msvcp140_codecvt_ids.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\msvcp140_atomic_wait.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\vcomp140.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\Updater.dll
Source: C:\Users\user\Desktop\ZipThis.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\ZipThis\msvcp140_1.dll
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe API coverage: 0.4 %
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -99888s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -99776s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -99663s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -99538s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -99425s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -99299s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -99172s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -99061s >= -30000s
Source: C:\Users\user\Desktop\ZipThis.exe TID: 7028 Thread sleep time: -98950s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6300 Thread sleep count: 1427 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6300 Thread sleep count: 8426 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3336 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 4412 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe TID: 1092 Thread sleep time: -21213755684765971s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -599888s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 2516 Thread sleep count: 8392 > 30
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -599777s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -599665s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -599553s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -599426s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -599301s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -599175s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -599051s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -598923s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -598796s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -598684s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -598573s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -598462s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -598350s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -598238s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -598111s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -597967s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -597855s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -597744s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -597632s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -597520s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -597392s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -597265s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -597153s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -597041s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -596929s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -596817s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -596689s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -596562s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -596450s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -596338s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -596226s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -596114s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -595986s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -595858s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -595747s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -595635s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -595523s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -595411s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -595283s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1976 Thread sleep time: -595155s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5576 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 6372 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe TID: 6928 Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe TID: 7048 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe TID: 6932 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5148 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5148 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5148 Thread sleep time: -599888s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1060 Thread sleep count: 1010 > 30
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5148 Thread sleep time: -599777s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 1060 Thread sleep count: 188 > 30
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5148 Thread sleep time: -599663s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5148 Thread sleep time: -599553s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5148 Thread sleep time: -599427s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5148 Thread sleep time: -599299s >= -30000s
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe TID: 5080 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Code function: 18_2_00007FFA2E8BA360 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,18_2_00007FFA2E8BA360
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 3_2_00007FF9CD284462 GetSystemInfo,3_2_00007FF9CD284462
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 100000
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99888
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99776
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99663
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99538
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99425
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99299
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99172
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 99061
Source: C:\Users\user\Desktop\ZipThis.exe Thread delayed: delay time: 98950
Source: powershell.exe, 00000003.00000002.1244675831.0000026BA05D7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: powershell.exe, 00000003.00000002.1244675831.0000026BA05D7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Add-NetEventVmNetworkAdapter
Source: svchost.exe, 00000005.00000002.2395116879.000002B24102B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2400498056.000002B246862000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2400872568.000002B24686C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: ZipThis.exe, 00000001.00000002.1429917089.0000022F7FB2A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: ZipThis.exe, 00000001.00000002.1429917089.0000022F7FB2A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: powershell.exe, 00000003.00000002.1244675831.0000026BA05D7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Get-NetEventVmNetworkAdapter
Source: ZipThis.exe, 00000001.00000002.1429917089.0000022F7FBD3000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1435824453.00000251F4659000.00000004.00000020.00020000.00000000.sdmp, ZipThisApp.exe, 0000000E.00000002.2015310090.000001E8C58A1000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000012.00000002.1708476980.000001F6D0F08000.00000004.00000020.00020000.00000000.sdmp, ZipThisApp.exe, 0000001C.00000002.1969908202.0000028B30CAE000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 0000001D.00000002.2071664890.000001F880C08000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Code function: 18_2_000001F6D1106DDC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_000001F6D1106DDC
Source: C:\Users\user\Desktop\ZipThis.exe Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe Code function: 18_2_000001F6D11067B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_000001F6D11067B4
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: 18_2_00007FFA2E902130 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FFA2E902130
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: 18_2_00007FFA533B4628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FFA533B4628
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: 18_2_00007FFA533D0AD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_00007FFA533D0AD8
Source: C:\Users\user\Desktop\ZipThis.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1"Jump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833Jump to behavior
Source: C:\Users\user\Desktop\ZipThis.exeProcess created: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe "C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: GetLocaleInfoEx,FormatMessageA,18_2_00007FFA2E8C1F6C
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exeCode function: ___lc_locale_name_func,GetLocaleInfoEx,18_2_00007FFA2E8DD6A0
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\Users\user\Desktop\ZipThis.exe VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Desktop\ZipThis.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.3208.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.3448.cat VolumeInformation
Source: C:\Windows\System32\svchost.exe; Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe; Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe; Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe; Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe; Queries volume information: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe; Queries volume information: C:\Users\user\AppData\Local\ZipThis\Updater.exe VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe; Queries volume information: C:\Users\user\AppData\Local\ZipThis\Updater.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe; Queries volume information: C:\Users\user\AppData\Local\ZipThis\Libs.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\ZipThis\Updater.exe; Code function: 18_2_000001F6D11069C4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,18_2_000001F6D11069C4
Source: C:\Users\user\Desktop\ZipThis.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Windows Service | 1 Extra Window Memory Injection | 21 Obfuscated Files or Information | Security Account Manager | 35 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Windows Service | 1 Timestomp | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 11 Process Injection | 1 DLL Side-Loading | LSA Secrets | 21 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Search Order Hijacking | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Extra Window Memory Injection | DCSync | 51 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Masquerading | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 51 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Rundll32 | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Behavior Graph ID: 1586192, Sample: ZipThis.exe, Startdate: 08/01/2025, Architecture: WINDOWS, Score: 42
  Signature: Multi AV Scanner detection for submitted file
  Signature: AI detected suspicious sample
  DNS/IP: tzpdld.com
  DNS/IP: sts.thisilient.com
  DNS/IP: 2 other IPs or domains
  Process: ZipThis.exe (started)
    DNS/IP: apb.thisilient.com 45.33.84.9, 443, 49705, 49706 LINODE-AP Linode LLC US United States
    Dropped: C:\Users\user\...\vcruntime140_threads.dll, PE32+
    Dropped: C:\Users\user\AppData\...\vcruntime140_1.dll, PE32+
    Dropped: C:\Users\user\AppData\...\vcruntime140.dll, PE32+
    Dropped: 14 other files (11 malicious)
    Process: powershell.exe (started)
      Signature: Loading BitLocker PowerShell Module
      Process: conhost.exe (started)
    Process: chrome.exe (started)
      DNS/IP: 239.255.255.250 unknown Reserved
      Process: chrome.exe (started)
        DNS/IP: jsdelivr.map.fastly.net 151.101.1.229, 443, 49727 FASTLY US United States
        DNS/IP: code.jquery.com 151.101.2.137, 443, 49725 FASTLY US United States
        DNS/IP: 4 other IPs or domains
    Process: ZipThisApp.exe (started)
  Process: svchost.exe (started)
    DNS/IP: 127.0.0.1 unknown unknown
  Process: Updater.exe (started)
    DNS/IP: tzpdld.com 5.161.105.73, 443, 49733, 49734 HETZNER-AS DE Germany
  3 other processes

Source | Detection | Scanner | Label | Link
ZipThis.exe | 26% | ReversingLabs | Win32.Spyware.Generic |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\ZipThis\Libs.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\Uninstall.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\Updater.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\Updater.exe | 11% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe | 4% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\concrt140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\msvcp140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\msvcp140_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\msvcp140_2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\msvcp140_atomic_wait.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\msvcp140_codecvt_ids.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\vcamp140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\vccorlib140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\vcomp140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\vcruntime140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\vcruntime140_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\ZipThis\vcruntime140_threads.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://www.zipthisapp.com/assets/css/main.css | 0% | Avira URL Cloud | safe |
http://foo/bar/belongings/acceptaffiliate.png | 0% | Avira URL Cloud | safe |
http://foo/bar/belongings/dmsans-regular.ttf | 0% | Avira URL Cloud | safe |
https://can.thisilient.compV | 0% | Avira URL Cloud | safe |
http://defaultcontainer/Belongings/inter-regular.ttf | 0% | Avira URL Cloud | safe |
https://www.zipthisapp.com/assets/images/256px.png | 0% | Avira URL Cloud | safe |
http://anglebug.com/77243 | 0% | Avira URL Cloud | safe |
http://scripts.sil.org/OFLndry.org7Y | 0% | Avira URL Cloud | safe |
https://www.zipthisapp.com:443 | 0% | Avira URL Cloud | safe |
https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad8330(x | 0% | Avira URL Cloud | safe |
http://foo/bar/belongings/dmsans-medium.ttf | 0% | Avira URL Cloud | safe |
http://sts.thisilient.com | 0% | Avira URL Cloud | safe |
http://anglebug.com/72791 | 0% | Avira URL Cloud | safe |
https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833_id | 0% | Avira URL Cloud | safe |
http://scripts.sil.org/OFLlt | 0% | Avira URL Cloud | safe |
https://anglebug.com/7369v | 0% | Avira URL Cloud | safe |
https://anglebug.com/65742 | 0% | Avira URL Cloud | safe |
http://foo/Belongings/dmsans-bold.ttf | 0% | Avira URL Cloud | safe |
http://foo/Belongings/KeyGuardAffiliateLogo.png | 0% | Avira URL Cloud | safe |
http://foo/ui/keyguardaffiliatewindow.xaml | 0% | Avira URL Cloud | safe |
https://sts.thisilPZ | 0% | Avira URL Cloud | safe |
http://anglebug.com/5007( | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
stackpath.bootstrapcdn.com | 104.18.10.207 | true | false | | high
jsdelivr.map.fastly.net | 151.101.1.229 | true | false | | high
code.jquery.com | 151.101.2.137 | true | false | | high
can.thisilient.com | 45.33.84.9 | true | false | | high
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
sts.thisilient.com | 45.33.84.9 | true | false | | high
www.zipthisapp.com | 104.18.2.200 | true | false | | high
tzpdld.com | 5.161.105.73 | true | false | | high
apb.thisilient.com | 45.33.84.9 | true | false | | high
cdn.jsdelivr.net | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js | false | | high
https://www.zipthisapp.com/assets/css/main.css | false | Avira URL Cloud: safe | unknown
https://www.zipthisapp.com/assets/images/256px.png | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                high
                                                                                                                                                https://chromium-i18n.appspot.com/ssl-aggregate-address/ymouschrome.exe, 0000000C.00000002.1456497766.00005CB400760000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://issuetracker.google.com/issues/166475273chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://anglebug.com/72791chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://foo/bar/belongings/dmsans-medium.ttfZipThisApp.exe, 0000001C.00000002.1959147638.0000028B18313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://ch.search.yahoo.com/favicon.icochrome.exe, 0000000C.00000003.1378866147.00005CB400EB5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1377500686.00005CB400EB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://docs.google.com/presentation/:chrome.exe, 0000000C.00000003.1416449606.00005CB400994000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://sts.thisilient.comZipThis.exe, 00000001.00000002.1389039393.0000022F00638000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://anglebug.com/7369vchrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833_idchrome.exe, 0000000C.00000003.1386120216.00005CB4011B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://anglebug.com/4384chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1463641605.00005CB4009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://scripts.sil.org/OFLltZipThisApp.exe, 0000000E.00000002.2021006452.000001E8C5DA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://anglebug.com/65742chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://fontfabrik.comchrome.exe, 0000000C.00000002.1432018767.0000025184022000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1432018767.000002518406D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://foo/Belongings/KeyGuardAffiliateLogo.pngZipThis.exe, 00000001.00000002.1389039393.0000022F00696000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://foo/Belongings/dmsans-bold.ttfZipThisApp.exe, 0000000E.00000002.2005421241.000001E8AD253000.00000004.00000800.00020000.00000000.sdmp, ZipThisApp.exe, 0000001C.00000002.1959147638.0000028B18313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://anglebug.com/3970chrome.exe, 0000000C.00000002.1463641605.00005CB4009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://apis.google.comchrome.exe, 0000000C.00000003.1398063463.00005CB400284000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 0000000C.00000003.1355208455.000042F40071C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://foo/ui/keyguardaffiliatewindow.xamlZipThis.exe, 00000001.00000002.1389039393.0000022F00696000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  http://anglebug.com/5007(chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://anglebug.com/7604chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://anglebug.com/7761chrome.exe, 0000000C.00000002.1456082093.00005CB400738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://anglebug.com/7760chrome.exe, 0000000C.00000002.1465683018.00005CB400AAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icochrome.exe, 0000000C.00000002.1454274596.00005CB4003C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1462140411.00005CB400910000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://anglebug.com/5901chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/3965chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.1473592345.00005CB400EEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://anglebug.com/6439chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://anglebug.com/7406chrome.exe, 0000000C.00000002.1471218610.00005CB400DB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376203061.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1369569351.00005CB4002A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1376394390.00005CB400A5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://sts.thisilPZZipThis.exe, 00000001.00000002.1389039393.0000022F00638000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                  unknown
                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
151.101.1.229 | jsdelivr.map.fastly.net | United States | 54113 | FASTLYUS | false
104.18.10.207 | stackpath.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false
104.18.2.200 | www.zipthisapp.com | United States | 13335 | CLOUDFLARENETUS | false
151.101.2.137 | code.jquery.com | United States | 54113 | FASTLYUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
45.33.84.9 | can.thisilient.com | United States | 63949 | LINODE-APLinodeLLCUS | false
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
5.161.105.73 | tzpdld.com | Germany | 24940 | HETZNER-ASDE | false
                                                                                                                                                                                  IP
                                                                                                                                                                                  127.0.0.1
                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                  Analysis ID:1586192
                                                                                                                                                                                  Start date and time:2025-01-08 20:16:18 +01:00
                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                  Overall analysis duration:0h 8m 21s
                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                  Report type:full
                                                                                                                                                                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                  Number of analysed new started processes analysed:30
                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                  Technologies:
                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                  Sample name:ZipThis.exe
                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                  Classification:mal42.evad.winEXE@23/48@14/9
                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                  • Successful, ratio: 83.3%
                                                                                                                                                                                  HCA Information:Failed
                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 23.56.254.164, 172.217.18.3, 142.251.168.84, 172.217.18.14, 172.217.23.106, 216.58.206.78, 172.217.16.195, 142.250.185.168, 142.250.185.238, 52.149.20.212, 40.126.31.73, 13.107.5.88, 2.23.227.208
                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): www.bing.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, www.googletagmanager.com, login.live.com, e16604.g.akamaiedge.net, evoke-windowsservices-tas.msedge.net, clients.l.google.com, prod.fs.microsoft.com.akadns.net
                                                                                                                                                                                  • Execution Graph export aborted for target Updater.exe, PID 3748 because it is empty
                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                  • VT rate limit hit for: ZipThis.exe
Time      Type             Description
14:17:00  API Interceptor  117x Sleep call for process: ZipThis.exe modified
14:17:05  API Interceptor  2x Sleep call for process: svchost.exe modified
14:17:05  API Interceptor  30x Sleep call for process: powershell.exe modified
14:17:22  API Interceptor  23316x Sleep call for process: ZipThisApp.exe modified
14:17:50  API Interceptor  51x Sleep call for process: Updater.exe modified
Match  Associated Sample Name / URL  SHA 256  Detection  Threat Name  Link  Context
                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                  No context
                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                  Entropy (8bit):0.40701849964771464
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:fJeHJFZnnJF9U7JFCRImvqnDskXZrtlpZpaSh5hmn91nzw7LkL4b2bBbP+GCFH+a:fJyyWGWnzwHkL4WLnQnH9
                                                                                                                                                                                  MD5:221DD0C040C3D4865A413055BB32E8BB
                                                                                                                                                                                  SHA1:BFA2FA609BD116428775E8A652C80FEFC2748219
                                                                                                                                                                                  SHA-256:E030E124B66EF6F71D09C922EF532B7EDA5F50F5E8D740A2959F516154792BA9
                                                                                                                                                                                  SHA-512:B5B9D6C858C49BC08C95DD01F9AA82DEAB475DBE979E146E96D50F2B2067BDC2E4B1CB92FCCFD83D8529082D6C27BC0A7A3575F3B162B29178667A70FB26692C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.B..........@..@ /...{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.................................%.O._..r.#.........`h.................h...............X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0x887e0824, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                  Entropy (8bit):0.5145152269074467
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:1SB2ESB2SSjlK/av9qn5hbkL4ShyUqn/qnJKYkr3g16HL2UPkLk+kY07Q8zAkUk4:1azakv+hkL4c2L2ULz
                                                                                                                                                                                  MD5:67FB36934A52D30FF74BE1FF0CAF3409
                                                                                                                                                                                  SHA1:AB2DA7739876C462F7FD7AB9BC7AF520760AFDE1
                                                                                                                                                                                  SHA-256:CEE439265BBCAF762929650CA8A4F1F9E26B1D864F5A28A31EBB519EABD95B71
                                                                                                                                                                                  SHA-512:47184746A342B525BC2FAD8F118E37A70EA28BCDFD73941B4A786891B2D89A2ADE590CA7DE442349815C10768960B220B792F9438BE3FA68D86F6834E9F53703
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                  Entropy (8bit):0.07940034600278266
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:+UYeXQhsOBjll/UWjHrJjOqHvjvJ+0KRghltllollx8m9v/ll/TnK2:+UzXQhtjllnjHrJj7jB+QhltAImlLK
                                                                                                                                                                                  MD5:79CCFE5695D57F8759AB2B74DC68FA02
                                                                                                                                                                                  SHA1:36BA2F06CF2D806B7C498DD8C32BAB839FE2F01B
                                                                                                                                                                                  SHA-256:9C06E51C19E7C710095E7F0825FFFE7F6788B56390301CE47006641670BAA35E
                                                                                                                                                                                  SHA-512:3F5D9391A5859AC011E917CEA0B45DC0E2ECFFACA5BA9A53177C08BE1E612AC613A7D0F986D05B31CFD3CAE34E85BD4403B076A29A35F211DE9F0E30461516E6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):21256
                                                                                                                                                                                  Entropy (8bit):5.47579043329658
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:mXBr65S9fpq6t6XxqahaHUnB4eyzmYD7617L4EGUJ8ecljlGbYQd+T:OrPlLMXxqahBGNeL4+cDGbtE
                                                                                                                                                                                  MD5:78BFBA808ABBD445F6D0791B1857B3CD
                                                                                                                                                                                  SHA1:14C2EFF62B7C62A7F330AAFFC7883FD8AF191B0E
                                                                                                                                                                                  SHA-256:20830D4BDC9773EE4097F3306D7908081A89900E684D3BEE62F39D0D21B4FEBC
                                                                                                                                                                                  SHA-512:AC924D82C8092A00ED2E457832F313AB6AE9CF3C2D2C7358DC5B8AACF56F64FE2721135120DD97F9CEC73302A268997A07650A19B45C5A42D9AD0A0AC3AA7098
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:@...e...........}....................................@..........H...............o..b~.D.poM...H..... .Microsoft.PowerShell.ConsoleHostD...............4..7..D.#V.............System.Management.Automation0.................Vn.F..kLsw..........System..4...............<."..Ke@...j..........System.Core.4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.l.....#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.@................z.U..G...5.f.1........System.DirectoryServices<................t.,.lG....M...........System.Management...4...............&.QiA0aN.:... .G........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...D....................+.H..!...e........System.Configuration.Ins
                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):118095
                                                                                                                                                                                  Entropy (8bit):4.895798727315238
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:UVyXlBP3FxjC+jZhtWbT8rQafTSMdp5SHOOOOOqMNT:UwBP3j7tYT3gp5YOOOOOqU
                                                                                                                                                                                  MD5:445F0C73332D5E55BD49681AD990527F
                                                                                                                                                                                  SHA1:5055352F2B851C78705A63D401D08D8095E91A0C
                                                                                                                                                                                  SHA-256:AA354C95608D65898F835859327344D7B5342CC92AEEDC763D003C982F3AD286
                                                                                                                                                                                  SHA-512:C83B3E53A9801EDE38D630408569C94ED2F6E40A2813DCC5FE13C39B4C3B2D132E280F95051B60D5EAA1B39676F6D76EB05802D1BB589A21F3FAB9E531D16869
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):13312
                                                                                                                                                                                  Entropy (8bit):5.403648157585069
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:oEok4GeC0GRgPSdKDa6Gw4nTRm3icXWnX:oQ4TC0nPSt6Qn2Gn
                                                                                                                                                                                  MD5:8F22D1409CF9222DD8B05EB8E0456050
                                                                                                                                                                                  SHA1:EA477598B8F3C69B4E35ED2ABFCBB56EAC4B033F
                                                                                                                                                                                  SHA-256:D658EA24EE115D2071DEDFF84383657BB540DC1037E6D0FEE689D2751204D4D7
                                                                                                                                                                                  SHA-512:977E161F6C4C70A14450DB1685CDA54C3C529AD58AFD89ED053EF99084EFF97EC3ADF404A3EAB6F605B99C779FDCB89C54BE898F78124CD024D7D895447653D3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):20264
                                                                                                                                                                                  Entropy (8bit):6.888238560459724
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:wI8dBJ1hzqNXS3SU/OVEQ6n/uo6ki2rcNi1HUi4SJIVE8E9VF0Nypg/k:RUzPC+iKQ5r2AkNl2Evv
                                                                                                                                                                                  MD5:C8D7C3648853C541B6AFE9F2F647FEAF
                                                                                                                                                                                  SHA1:FDD51E2DCB1A998376E6671983C355B35FA7A7B8
                                                                                                                                                                                  SHA-256:F933937BDAF0DB26DEDB3EDD7C214F573D78D1738C69FCF47FC488C9849D99C0
                                                                                                                                                                                  SHA-512:30C20F35352710CB5F70D7D0C9E5C728138042AEA53C6D2488EFD1617B3FFD29739E2053935A468C119ED8B86BE44282766B411F0474340B8FF2CB1642A45550
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):94208
                                                                                                                                                                                  Entropy (8bit):6.035478330944383
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:7VkAFS8czM27nW44/93BgBigyTYHTHRYA6WKm35GIc0UJtDfJdqIFiW+JXJluDJP:HFHczM27nW1w6sHTHRYA6WKmJGIc0gt1
                                                                                                                                                                                  MD5:C355B5CA9F7B07667F96C1E30B9A0894
                                                                                                                                                                                  SHA1:91D596E3341723E3EC3A0E58C51E1C885ED60F72
                                                                                                                                                                                  SHA-256:27A7BA032F7D6CF787454C2FD036C95D13BE9FB489B26FD9050659AA23498DD6
                                                                                                                                                                                  SHA-512:4D0298EFF96CE49F59458649DC0308F7460ADD774CB98EC67B19BE7D1FB07313E212A144AE00C98355F0A304532520937F9C92FC64C17FB6D9D82563FC726BE4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):20776
                                                                                                                                                                                  Entropy (8bit):6.880048281652988
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:U+uUE99n53Fc4LVlDsQw/uo6ki2rcNi1HUfIXSJIVE8E9VF0Ny+P/s:UH9nysnDs8r2AkNTW2EIXs
                                                                                                                                                                                  MD5:8F3972F98564FC9D1E3E5A3840A0DA85
                                                                                                                                                                                  SHA1:90E87AF2BDFDF33E49EEA353480CB8DA362C450E
                                                                                                                                                                                  SHA-256:CBDFE04B8F754E5E6150936EE604F0A478B79C6D0466EE155775EAD575ADEA90
                                                                                                                                                                                  SHA-512:F0909E35E839BC8735D1F3B8C1AE37DC9B78BA9D8278A17F2DD660C1CFC18FA42A95D7A8CB9CBE44E73778440E3BB117C97377933860E68C07723C09B91F6F84
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 11%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1047626
                                                                                                                                                                                  Entropy (8bit):7.996039331053294
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:24576:+TSTFIIbJPcmfGXXBjEkBKB90FqnLMwBBOxI:+TST6+PcCGXvBa90FwBExI
                                                                                                                                                                                  MD5:674D4C37B0C2888A2768CBE7D368C4DB
                                                                                                                                                                                  SHA1:CF7B372A79F0441B313980221A92B7E52C1BF565
                                                                                                                                                                                  SHA-256:777BCEC19FCEF78FC6E3451139456269FD9FDF10F68FBD8DE5B82AAABF21502E
                                                                                                                                                                                  SHA-512:22D44B08277E63C18A37AC3FF095C33250F0789F32D231B30E37F7D2452A1FB8601E7E0646858537AAC8F3C8152CBF51E11D00FE0C474EBD10A1A2E75C230FC0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):512296
                                                                                                                                                                                  Entropy (8bit):6.105577244092262
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:iOC9uo2RjEPi/mQ1eEMA4Z/66S/it9aSh:iUBA6QzZAqt3h
                                                                                                                                                                                  MD5:9AF46426A5C164310DDD6FB6E77D78C2
                                                                                                                                                                                  SHA1:902C1CD86C1E15F96C19C04238296CE3B31C8FEF
                                                                                                                                                                                  SHA-256:0BDA8EA6FB5F46F110C18E72BCEF514D5CDF5270F310E7286D3D03A263ED8772
                                                                                                                                                                                  SHA-512:1B69C7D5B4286AFEC8906D6B3413287B53655769C6661FA2AEED6DD93A8B948C5BF4A231E43946B78EABBC10F1D6E280A7A7E144AF6F4E6B1F61A854F05AD43F
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):322672
                                                                                                                                                                                  Entropy (8bit):6.349766501622675
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:wvXgzuCmFn9TG1w91JjqFXAP4X/oT5ObNJnWzgs+VA1b:wauCmbT8w9a/N8zZ1b
                                                                                                                                                                                  MD5:9485D003573E0EAF7952AB23CC82EF7B
                                                                                                                                                                                  SHA1:75B1DCAFC21DDC7C3877CAEAC06BB04EBF09EA40
                                                                                                                                                                                  SHA-256:5E0E8EAC57B86E2DE7CA7D6E8D34DDDEA602CE3660208FB53947A027635D59A1
                                                                                                                                                                                  SHA-512:50BFDCC4F889CD40FE1B79BD3B32515C18836BC533D5590C95ECF4AF5041DF61C87DF6AD87EF9323E19771DE00D7D483FECD07FB7674DF380BE8839F6FF3256A
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):573008
                                                                                                                                                                                  Entropy (8bit):6.5335737504680305
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:mPeu+VwM4PRpJOc8hdGE0bphVSvefIJQEKZm+jWodEEVwDaM:sqwpzSFJQEKZm+jWodEEq9
                                                                                                                                                                                  MD5:C3D497B0AFEF4BD7E09C7559E1C75B05
                                                                                                                                                                                  SHA1:295998A6455CC230DA9517408F59569EA4ED7B02
                                                                                                                                                                                  SHA-256:1E57A6DF9E3742E31A1C6D9BFF81EBEEAE8A7DE3B45A26E5079D5E1CCE54CD98
                                                                                                                                                                                  SHA-512:D5C62FDAC7C5EE6B2F84B9BC446D5B10AD1A019E29C653CFDEA4D13D01072FDF8DA6005AD4817044A86BC664D1644B98A86F31C151A3418BE53EB47C1CFAE386
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):35920
                                                                                                                                                                                  Entropy (8bit):6.6037218761428065
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:vcSfZMC98zOoKF4tWci5gWLOCSt+e9UR9zsCc525yEFHRN76kUR9zsCcQfq:0SWC+zOjaIcdc9zOggElI9zOp
                                                                                                                                                                                  MD5:7B0A25EEE764D8747F02CB3ED980F07A
                                                                                                                                                                                  SHA1:9B9C827F8C6E7F497E88B83F0654BDF97C50C50F
                                                                                                                                                                                  SHA-256:1274292F4CC655F295272B37E08A9683B8BB8C419B61EA2E1F43EB4D22F02F90
                                                                                                                                                                                  SHA-512:3302EE0C62947F3EDDACBED0AE14F531DE24392E2C73B40AB9690E6BE5F869C3B525A27868A4507E7E80EC5DA68B71880731A6B105E16173BAA65C770F2666A7
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):268392
                                                                                                                                                                                  Entropy (8bit):6.52441819904249
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:fQlhTFL4EDrHNvteLN3XjlGXMdnrMWQcldb:mBVvaXjl5WWlb
                                                                                                                                                                                  MD5:AA0148E20D34C10E01A4A9E1BAB1D058
                                                                                                                                                                                  SHA1:D58A5E3D76403EE5A65A07201AA8A2FAD1A173D2
                                                                                                                                                                                  SHA-256:583AD842BCF2F77AF57D07B8F00ECA77BB2DF763DF96BB9C50F7E52031B54E42
                                                                                                                                                                                  SHA-512:2711A4CA8F387338DC97DA065D75FE602255CF6E0D1F60C3749311E090ABE4EA852E951C3C6E6350B8F742C4B88FACB22AB0959D9047B0507C3BF050782385F4
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):50280
                                                                                                                                                                                  Entropy (8bit):6.640596639957661
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:ZBRFMT8ZxzboOqnouLvaXeCo4LmxUMey9z5YAqo9z5gG:ZvofLvaXeN4LBMeOzuAqgzh
                                                                                                                                                                                  MD5:6722344B74084D0AF629283060716BAE
                                                                                                                                                                                  SHA1:36AA8EF02D3A308464C1EE8F75D6D118314202A0
                                                                                                                                                                                  SHA-256:C9FD25862B1B8B2977BF188A4E0C4460DADE43C31710283C2B42DBD3B15B4317
                                                                                                                                                                                  SHA-512:1F844BFFF36A7EC0CC3A04B5C88248D952C6C38B7048AE92DEA3FFD8670C8B1C412AD44F2501816F6B80BCA9D5BB8A06CD920D4682BB52F08EF66A8A1D826405
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):31856
                                                                                                                                                                                  Entropy (8bit):6.7937174645751135
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:r9agvUpWiYEW9xtSt+ebe1nR9zZ1xhkA/NEHRN7jVwR9zk0Qp9:r9tvfvxUc1R9zZfpAy9z5e9
                                                                                                                                                                                  MD5:165308EE66D0B8F11CA20F3BCD410EA9
                                                                                                                                                                                  SHA1:510969622B7F3C92C152ECFDC5FF08EDEFCB9594
                                                                                                                                                                                  SHA-256:08DF3AB1B59D1F7D63F0811838E4FCCC107087FCBC469D94975C0E44477058E7
                                                                                                                                                                                  SHA-512:10B98BA3E0C75519E661CF6FAE1797ACEFEA6F5FD48076C3E8C6BA26FE7F3B214BB0AB4F5B74F937D3CE91D65FF2B9ABA1FA584114BE924580283948862D8D78
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):872
                                                                                                                                                                                  Entropy (8bit):5.1509638642903175
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:NXTLrxqg31g8S6k0NstNPGAUs1ksB8OON1tE:NXH9qMabZ02tJGAUsCsWOOP+
                                                                                                                                                                                  MD5:0D4C7C2411E1BA411E24DE176494CA90
                                                                                                                                                                                  SHA1:3715BB3B5B1525155AFFF7F570C05CF2B0538ACF
                                                                                                                                                                                  SHA-256:DC4685144E93384E88D1FC6E6DD66F6C4E703ED9173A98819F2C8BCB28D983FC
                                                                                                                                                                                  SHA-512:BA9E7C8AFE9EAD6B3E4FFA36948AADDA281421182A70090B531EFE51F8F0F488AC1370E5007C9C183136FC6B1DB91B39BDFC56C428832A6ABF9DEBBFB84D5F23
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:
                                                                                                                                                                                  $currentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
                                                                                                                                                                                  $localAppDataPath = [System.Environment]::GetFolderPath('LocalApplicationData')
                                                                                                                                                                                  $relativePath = "ZipThis\Updater.exe"
                                                                                                                                                                                  $fullPath = [System.IO.Path]::Combine($localAppDataPath, $relativePath)
                                                                                                                                                                                  $action = new-ScheduledTaskAction -Execute $fullPath
                                                                                                                                                                                  $trigger = new-ScheduledTaskTrigger -Daily -At ((Get-Date).AddHours(24)) -DaysInterval 1
                                                                                                                                                                                  $principal = New-ScheduledTaskPrincipal -UserId $currentUser -LogonType Interactive
                                                                                                                                                                                  $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable -RestartCount 2 -RestartInterval (New-TimeSpan -Minutes 10) -RunOnlyIfNetworkAvailable
                                                                                                                                                                                  $task = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -Settings $settings
                                                                                                                                                                                  register-ScheduledTask -TaskName "UpdateTaskZT" -InputObject $task
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):412752
                                                                                                                                                                                  Entropy (8bit):6.381781875789488
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:5RWVjpZts9k1EBKMft33SNC0sSHTBTjSWqNhycvzZQnj/6qaJzi8e:2PZtSkeBKMft3gC0xnSWkdy8
                                                                                                                                                                                  MD5:8441A618D2CEF67BDEDCA224FD61AFA2
                                                                                                                                                                                  SHA1:1875E3BC3306F8E3199C38736B9B4F215225220B
                                                                                                                                                                                  SHA-256:6CD300E597C477260809C5CA036993D923CD8BE304AE323C9C4D7776115FE62D
                                                                                                                                                                                  SHA-512:918D417BE21E837DBB8CFCD93A8EBF908928A87B1252EE330D0666A9EF8EBA0CF7095D5CEE3C85CAD1BD60C04DF73E79D714CBD31F7C37BA6119FB7DB319ADAC
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):348784
                                                                                                                                                                                  Entropy (8bit):6.047658390955032
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:MY2JXxXk4wV1J2Rv9DwCx1Rp9tuwqmhLhfdP2EcCkiNNWA/LL3OpawO5Qa2rUjLM:ShXrwUv9kCl2+WKf32aHlT9/h/Y
                                                                                                                                                                                  MD5:E3E6AA23DF3C78B29B0EE90E2712FC7E
                                                                                                                                                                                  SHA1:293E126093740FFA95062532D7512567C9648412
                                                                                                                                                                                  SHA-256:233E79C5AB80A2902B79C8B41E741DC06CD4A9FF8BCA99A025FE8077A35BE125
                                                                                                                                                                                  SHA-512:1DA327F531EBBF1D66C0AD485D1310FBAD4F7A4CD55C9ECE7901C0321C1ED7D2DE945B3C000E643403947AB69A19E189006CBFF92AA9A71B486FE863D2AEA373
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):196688
                                                                                                                                                                                  Entropy (8bit):6.455243093194337
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:OFxwRpcDSgiN1hHxRB+s5zgexVahxUE+30/eRyjyTIZV1YakAU1Bvwp/lC5:K+R5giNjxRhHxV4EseRyjyQIv8/l
                                                                                                                                                                                  MD5:EF76327FF132A48F3BAC24598C99B373
                                                                                                                                                                                  SHA1:71D2BCA744724AA55C16E74B1ED22B61CCFD8920
                                                                                                                                                                                  SHA-256:D49B394DE1154176B39611C37C669EBFF50AA5A818DBD5FF3D2214A299368DDD
                                                                                                                                                                                  SHA-512:B3AA61EC77CE171B6A7910F0D973E8393DFC457DB0D5E6035E18EB4CF9D75CA9E4A9FE012E91C2ACF4E9B944535B15CC99AD15A1273E1FDD651FF5406A26CCFA
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):119376
                                                                                                                                                                                  Entropy (8bit):6.605105564769165
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:BqvQFDdwFBHKaPX8YKpWgeQqbekRG7MP4ddbHecbWcmpCGtodMzDZ92zfa:BqvQFDUXqWn7CkRG7jecbWb9toaera
                                                                                                                                                                                  MD5:E9B690FBE5C4B96871214379659DD928
                                                                                                                                                                                  SHA1:C199A4BEAC341ABC218257080B741ADA0FADECAF
                                                                                                                                                                                  SHA-256:A06C9EA4F815DAC75D2C99684D433FBFC782010FAE887837A03F085A29A217E8
                                                                                                                                                                                  SHA-512:00CF9B22AF6EBBC20D1B9C22FC4261394B7D98CCAD4823ABC5CA6FDAC537B43A00DB5B3829C304A85738BE5107927C0761C8276D6CB7F80E90F0A2C991DBCD8C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):49744
                                                                                                                                                                                  Entropy (8bit):6.675573056871668
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:oPIyGVrxmKqOnA4j3z6S2X7pudLAivD9zigElY7ivD9zG:XBr87uWFLpudBvpziZ1vpzG
                                                                                                                                                                                  MD5:EB49C1D33B41EB49DFED58AAFA9B9A8F
                                                                                                                                                                                  SHA1:61786EB9F3F996D85A5F5EEA4C555093DD0DAAB6
                                                                                                                                                                                  SHA-256:6D3A6CDE6FC4D3C79AABF785C04D2736A3E2FD9B0366C9B741F054A13ECD939E
                                                                                                                                                                                  SHA-512:D15905A3D7203B00181609F47CE6E4B9591A629F2BF26FF33BF964F320371E06D535912FDA13987610B76A85C65C659ADAC62F6B3176DBCA91A01374178CD5C6
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):38512
                                                                                                                                                                                  Entropy (8bit):6.770837685226852
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:XcGvEQQVHOn645dKADczXKxUMKu9z/ezdA99z5K:MtVHa5dKADcjdmzYdAfzo
                                                                                                                                                                                  MD5:5F533A0A43600153ECDE78ABAA7D614E
                                                                                                                                                                                  SHA1:C0E2438FDB059F6AACCA0FB0DB401767D8010201
                                                                                                                                                                                  SHA-256:52890AA0EF3E8EEE53684FCB7D1C1AA76AD0E03F5664D184B424402916F26715
                                                                                                                                                                                  SHA-512:702ABC2914A0CF720133EB267A50F37AFDA5C2489F371B6B691031E62EEFED3B7C91C49645C88DD638F870B9EB7E3B463F6EAA43AD5D53D6CB7D224C90A35201
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):36
                                                                                                                                                                                  Entropy (8bit):3.742589501851919
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:KEQ8s/EdwxdR:InmAR
                                                                                                                                                                                  MD5:5EF09B892BDD65AA6549A9436E752E32
                                                                                                                                                                                  SHA1:FC252080A84D43C4C7D50761325C37E8F121E3AD
                                                                                                                                                                                  SHA-256:84D4692C46EE715FF41A6CF76E94791A8A3027698DC1E9F2F0BD0E56EFD31AC2
                                                                                                                                                                                  SHA-512:E457F3E7B102F50892DC1E674A5E445FF283BED1B8E267E3CB3D023F1DB511D1A8036329DAD2844282FFF3EF0FBDB50CB6FACFE85858E5385C308810BB0D55DD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:6452faac-14b2-4f85-a1a3-5968697ad833
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):36
                                                                                                                                                                                  Entropy (8bit):3.742589501851919
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:KEQ8s/EdwxdR:InmAR
                                                                                                                                                                                  MD5:5EF09B892BDD65AA6549A9436E752E32
                                                                                                                                                                                  SHA1:FC252080A84D43C4C7D50761325C37E8F121E3AD
                                                                                                                                                                                  SHA-256:84D4692C46EE715FF41A6CF76E94791A8A3027698DC1E9F2F0BD0E56EFD31AC2
                                                                                                                                                                                  SHA-512:E457F3E7B102F50892DC1E674A5E445FF283BED1B8E267E3CB3D023F1DB511D1A8036329DAD2844282FFF3EF0FBDB50CB6FACFE85858E5385C308810BB0D55DD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:6452faac-14b2-4f85-a1a3-5968697ad833
                                                                                                                                                                                  Process:C:\Users\user\Desktop\ZipThis.exe
                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Wed Jan 8 18:17:15 2025, mtime=Wed Jan 8 18:17:15 2025, atime=Wed Jan 8 18:17:15 2025, length=512296, window=hide
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2019
                                                                                                                                                                                  Entropy (8bit):3.8013783211254424
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:85eCB7qPXZRyr8VtAK1frSYac7MH3NkiO4ZgYq7MH3NH7nqygm:8n7eXZRIemCTSYacwNkiZvqwNuyg
                                                                                                                                                                                  MD5:0FC755D9BB10A0E95498762B10A5E204
                                                                                                                                                                                  SHA1:387BA7902259FB0FF1FDA2885DEB846D7F5FA83E
                                                                                                                                                                                  SHA-256:770CA71ADD1ECC8644B02A8D82E9BD423CF7EB4183AE7359A739E05CA5E1FB59
                                                                                                                                                                                  SHA-512:C7E5AC73090C2BD9162532CF2263E267E515A479808DC85C55D431ED24A9EE4159920749D9F3A8AAB99054D4DF70308468FBC3CB8CD26E9A3FB98EC2CB604955
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:L..................F.@.. .....0..b...0..b...0..b..(.........................:..DG..Yr?.D..U..k0.&...&......&..9....]...b...eI..b......t...CFSF..1.....FWtM..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FWtM(Z.......Y.....................?@.A.p.p.D.a.t.a...B.P.1.....(Z!...Local.<......FWtM(Z!......Z........................L.o.c.a.l.....V.1.....(Z#...ZipThis.@......(Z!.(Z#.....q.....................V...Z.i.p.T.h.i.s.....j.2.(...(Z(. .ZIPTHI~1.EXE..N......(Z(.(Z(.....~...................../...Z.i.p.T.h.i.s.A.p.p...e.x.e.......c...............-.......b...........0.>......C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe....Z.i.p.T.h.i.s.A.p.p.'.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.Z.i.p.T.h.i.s.\.Z.i.p.T.h.i.s.A.p.p...e.x.e.C.C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.Z.i.p.T.h.i.s.\.B.a.s.e.V.4...B.e.l.o.n.g.i.n.g.s...f.a.v.i.c.o.n...i.c.o.........%USERPROFILE%\AppData\Local\ZipThis\BaseV4.Belongings.favicon.ico..................................................
                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):8884
                                                                                                                                                                                  Entropy (8bit):4.7992635166199715
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:i5QJfCMoQFQFdfumRn4pxvPjckg2QYMncuFQKu/UDLxg:iiFQFqCZDLq
                                                                                                                                                                                  MD5:7143D3A9795ADC641037A57197AD6B40
                                                                                                                                                                                  SHA1:E38CAE4DB22616B98EF2F9C0A416DEF7A4A90682
                                                                                                                                                                                  SHA-256:93F3E39324F19003E38380ADE02815DA8F6BF7972F762D3DC63756E68B78454D
                                                                                                                                                                                  SHA-512:9491AC02F22938B94EB5E22BBE0C643F8B69A9BD23C3CB9BD4A741D4F681658227236251E7D4C2D14D191BCFB2FB674BA8F5F1B84ED3591D8417992FC3CB6A89
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.zipthisapp.com/assets/css/main.css
                                                                                                                                                                                  Preview:@import url('https://fonts.googleapis.com/css2?family=DM+Sans:wght@400;500;700&display=swap');../* colors */..main-background {. background: #221151;.}..secondary-color {. color: #5D25FC;.}..light-color {. color: #E5E5E5;.}..dark-color {. color: #221151;.}../* main */.body {. margin: 0;. font-family: 'DM Sans', sans-serif;. width: 100%;. min-height: 100vh;.}../* header */..header-section {. display: flex;. justify-content: space-between;. align-items: center;. padding: 24px 40px;. width: 100%;. color: white;.}..header-section a {. text-decoration: none;.}..logo-title {. display: flex;. align-items: baseline;. font-weight: 700;. font-size: 30px;. color: white;.}..logo-title:hover {. color: white;.}..logo {. width: 31px;. height: auto;. margin-right: 10px;.}..header-links {. margin-left: auto;. display: flex;. align-items: center;. font-size: 22px;. font-weight: 400;. gap:50px;. font-family: Aria
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (18221)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):18309
                                                                                                                                                                                  Entropy (8bit):5.182503586743918
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:PFFH7kJviNIGNi7wVjvOg/+f3+dtm7HfxoULOw/VoNnuGb/f/BgHknmjNzWNLTVY:/UqjvZ/+mkXyw9oNnuSf/BgEnmjNzWN6
                                                                                                                                                                                  MD5:E73504A146CEEBAED80DEE1071D2376B
                                                                                                                                                                                  SHA1:D6734E2DF4605656C041D8DBB1CCDF59A263C7FD
                                                                                                                                                                                  SHA-256:B341DF65F4AE526103325A74B19E05A97CC89E0AD232816BFE853A56831068A9
                                                                                                                                                                                  SHA-512:25E9F72BE891378B614980C4C87C1419817136C9405024D5F4FFE0D24F37E9E6A8ABFB69940502CD13D4C83C4A52306529D2616A65BB4B7BBB35648610474843
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://cdn.jsdelivr.net/npm/@popperjs/core@2.5.2/dist/umd/popper.min.js
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (65326)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):160302
                                                                                                                                                                                  Entropy (8bit):5.078105585474276
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:V47CIJ0T2r+ryEIA1pDEBi8yNcuSEcA1/uypq3SYiLENM6HN26b:S7VSGGq3SYiLENM6HN26b
                                                                                                                                                                                  MD5:816AF0EDDD3B4822C2756227C7E7B7EE
                                                                                                                                                                                  SHA1:C470239D4C7DB36D56DC3A74A080C62218C6EDC4
                                                                                                                                                                                  SHA-256:5B0FBE5B7AD705F6A937C4998AD02F73D8F0D976FE231B74AEF0EC996990C93A
                                                                                                                                                                                  SHA-512:32844D968C5B4AD05C0FCCF733FD819A74FEAE0E08B0CC4F917686876CC3E8B18D34513CD16DE89EC02145C30032B4A8C962FDC43EC4AEDD267A7EEF47C2D466
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):3992
                                                                                                                                                                                  Entropy (8bit):4.501056007343047
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:fj6HYrEfq9uIMwZI4Lj55QquQSSe8BJy/fZO1d0JyG9UgN1lJydHQivKCjHa24:fj6Hs2gDLJeC1d1gNyQihj624
                                                                                                                                                                                  MD5:52C21532008899BC85ACA0F4F8F972B9
                                                                                                                                                                                  SHA1:84D2571C2D4999AF4E6A5B189F9D8331E40B8071
                                                                                                                                                                                  SHA-256:FBDF77C4F54AB80C36E91E0425A7D33D9490494CC5233A3D751FC6CFE4B24EE5
                                                                                                                                                                                  SHA-512:6A60A3ECB517AF253FA95402B0866134349805699D9F3B95FC50DAF86DCE5B7E7B1D6E9FE65629D570BF461EECEE286264B0A5CABB1BB962BEB07DDE25E82E14
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833
                                                                                                                                                                                  Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Zip This - Successfully Updated</title>. Link Favicon -->. <link rel="icon" href="assets/images/favicon.ico" type="image/x-icon">. Link CSS Reset -->. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.1/normalize.min.css">. Link Bootstrap CSS -->. <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">. <link rel="stylesheet" href="./assets/css/main.css">. <script>(function (w, d, s, l, i) {. w[l] = w[l] || []; w[l].push({. 'gtm.start':. new Date().getTime(), event: 'gtm.js'. }); var f = d.getElementsByTagName(s)[0],. j = d.createElement(s), dl = l != 'dataLayer' ? '&l=' + l : ''; j.async = true; j.src =. 'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.par
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):2613
                                                                                                                                                                                  Entropy (8bit):5.365928254771976
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:jOEadcJc+ufOEad5N0xXOXadcJc+ufOXad5N0xXOpadcJc+ufOpad5N0xD:jOEadcJc+ufOEad5NkOXadcJc+ufOXaD
                                                                                                                                                                                  MD5:E886D481E3A09D9C59E9592A2E5C26A3
                                                                                                                                                                                  SHA1:17808F0A187C25DA3C83C480DEB3CCCD2262FA74
                                                                                                                                                                                  SHA-256:3152C018F548899E2DA6FE638841EF215A059D73007F3986A28153DC39983201
                                                                                                                                                                                  SHA-512:01ED71C3198B4532F77297B6F234A05929609FFDEABAB84242A2B956B8F8086ECD70F7DDC53E0F908B2D536773A88D0E63080A26C33B320A72C4D653F500C208
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://fonts.googleapis.com/css2?family=DM+Sans:wght@400;500;700&display=swap
                                                                                                                                                                                  Preview:/* latin-ext */.@font-face {. font-family: 'DM Sans';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu6-K6h9Q.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./* latin */.@font-face {. font-family: 'DM Sans';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/dmsans/v15/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K4.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./* latin-ext */.@font-face {. font-family: 'DM Sans';. font-style: normal;. font-weight: 500;. font-display: swap;. src: url
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1815)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1861
                                                                                                                                                                                  Entropy (8bit):4.963483690165822
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:NLr2BM/YolPfXe7aXnQstpx0EB0vetET58hHLjD+NxrMyLQESmTywRez/rSsJjeI:FUwlnewZtpx0XeH3D+NGeQE3RezrnNqI
                                                                                                                                                                                  MD5:36974225AA51D7B413C9A1CFB22E9C06
                                                                                                                                                                                  SHA1:FE4F3F561D5BD50A21BDDE90EC7D0E3EFFF061BF
                                                                                                                                                                                  SHA-256:97CE4E98F3A3BE297F48EBD5B771E74928F31754D43324FD795D1CD81CC41B35
                                                                                                                                                                                  SHA-512:361482D589B2AEE5E27DC8FF285456A02E7AD58A47A5CE49B7382F6EECF1E55A332A95AF43EE275E13DD1609B1F31A9EC517290209538FDB0805620D5DAF31E7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.1/normalize.min.css
                                                                                                                                                                                  Preview:/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:.67em 0}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:PNG image data, 251 x 201, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):1838
                                                                                                                                                                                  Entropy (8bit):7.595473432297073
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:xZvPghvogyd1ZHnhny5xNoeuDu15EVi3m:bv6vogmHly35nEVi3m
                                                                                                                                                                                  MD5:07EC9859480889C6E5D841949AF1A66B
                                                                                                                                                                                  SHA1:8F0DF3F92839FB064E09262DA3F0AC8DB5AA57D4
                                                                                                                                                                                  SHA-256:0227EC69528DF4350E888583F2B89BB25553BF051D2A79A49DDC315D835A4459
                                                                                                                                                                                  SHA-512:223F18FD522C8BCABB31BB8E660EA811618621273B24E52893CE6DB50A2F369BC8BA28BC55899D5BD6E367D5C0A21590443F13EAB651D6DCAF9E0E31A13BF3C8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://www.zipthisapp.com/assets/images/256px.png
                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (65245)
                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                  Size (bytes):72380
                                                                                                                                                                                  Entropy (8bit):5.291235892642397
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:KDFXTRMYFbeDtyZxg6V4mMeexs1Lzu3JlQ5uCe/ZiEm4kWpfBogmzmPx3SgQ47Gl:AuIy3JlQ5cF7m+SgQ47GKA
                                                                                                                                                                                  MD5:FB8409A092ADC6E8BE17E87D59E0595E
                                                                                                                                                                                  SHA1:CF8D9821552D51BB50CE572E696ABA1309065800
                                                                                                                                                                                  SHA-256:E3E5F35D586C0E6A9A9D7187687BE087580C40A5F8D0E52F0C4053BBC25C98DB
                                                                                                                                                                                  SHA-512:FC35D35EBEA742874C522ABE2142580ADD8F3CE523AC727DC05AEAA49DD79203CD39955F32893B711C3A092C72090C579FAA339444AC4A1D7FB0C093175ACBFE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  URL:https://code.jquery.com/jquery-3.5.1.slim.min.js
                                                                                                                                                                                  Preview:/*! jQuery v3.5.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-deprecated/ajax-event-alias,-effects,-effects/Tween,-effects/animatedSelector | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(g,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,v=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),m={},b=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},w=g.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function C(e,t,n){var r,i,o=(
                                                                                                                                                                                  File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                  Entropy (8bit):7.182451876726584
                                                                                                                                                                                  TrID:
                                                                                                                                                                                  • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                                                                                                                                                  • Win64 Executable GUI (202006/5) 46.43%
                                                                                                                                                                                  • Win64 Executable (generic) (12005/4) 2.76%
                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.46%
                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.46%
                                                                                                                                                                                  File name:ZipThis.exe
                                                                                                                                                                                  File size:2'820'904 bytes
                                                                                                                                                                                  MD5:22a6cb7348b496600e7151a8112cbac9
                                                                                                                                                                                  SHA1:f0cd50658868a3d347beff6977a54520c19ab640
                                                                                                                                                                                  SHA256:bf2f238d09ac55e7baf3d73c80c82d3df935daa6b94adf67a299ad3665e879e2
                                                                                                                                                                                  SHA512:c56cfc209f93873fd147e00bd515f1ff0463063ffa7a91c00f7c0d939fc19eefac6df700914363d630ba575e21d7c4aeb0cbc33deef38387c7e94f580d4ceaf0
                                                                                                                                                                                  SSDEEP:49152:He3Za5f/udkuhTST6+PcCGXvBa90FwBExhHgZze:mY3cw2+kCGXm0FwOVOze
                                                                                                                                                                                  TLSH:0ED5ADC2A351C24BC506197582B2C363A226AF5C7E13BE37667736F99C4B5A40E363F4
                                                                                                                                                                                  Icon Hash:1364e4e4e4e46817
                                                                                                                                                                                  Entrypoint:0x140000000
                                                                                                                                                                                  Entrypoint Section:
                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                  Time Stamp:0xBF47FCA7 [Fri Sep 11 02:59:51 2071 UTC]
                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                  Import Hash:
                                                                                                                                                                                  Signature Valid:true
                                                                                                                                                                                  Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                                                                                  Error Number:0
                                                                                                                                                                                  Not Before, Not After
                                                                                                                                                                                  • 21/02/2024 13:51:07 21/02/2025 13:51:07
                                                                                                                                                                                  Subject Chain
                                                                                                                                                                                  • E=contactus@lightnertok.com, CN=LIGHTNER TOK LTD, O=LIGHTNER TOK LTD, L=Tel Aviv-Jaffa, S=Tel Aviv, C=IL, OID.1.3.6.1.4.1.311.60.2.1.3=IL, SERIALNUMBER=516201944, OID.2.5.4.15=Private Organization
                                                                                                                                                                                  Version:3
                                                                                                                                                                                  Thumbprint MD5:CEC13869EA7B5624B992C775556F2F58
                                                                                                                                                                                  Thumbprint SHA-1:B0F054A3A02999D47B5FADE5C33FA9C9FE1B951F
                                                                                                                                                                                  Thumbprint SHA-256:661CCA115D81F163E9E7C33A3D60D2BFC02F95829864B132267E130EDA8DAE07
                                                                                                                                                                                  Serial:4469809AA0E206829C99CD18
                                                                                                                                                                                  Instruction
                                                                                                                                                                                  dec ebp
                                                                                                                                                                                  pop edx
                                                                                                                                                                                  nop
                                                                                                                                                                                  add byte ptr [ebx], al
                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                  add byte ptr [eax+eax], al
                                                                                                                                                                                  add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x294000 | 0x1d584 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2adc00 | 0x2f28 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2922a4 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x2902c0 | 0x290400 | 380e6a4c9b8a10139f93c67c76d7a804 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x294000 | 0x1d584 | 0x1d600 | ca7c8a85dbd39bfd8848ee09820b1354 | False | 0.2474650930851064 | data | 4.9262202797788746 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x2941a0 | 0x47e1 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9756534970925493
RT_ICON | 0x298994 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | | | 0.09379805986040458
RT_ICON | 0x2a91cc | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | | | 0.1300188946622579
RT_ICON | 0x2ad404 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | | | 0.15425311203319503
RT_ICON | 0x2af9bc | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | | | 0.20098499061913697
RT_ICON | 0x2b0a74 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | | | 0.24822695035460993
RT_GROUP_ICON | 0x2b0eec | 0x5a | data | | | 0.7666666666666667
RT_VERSION | 0x2b0f58 | 0x370 | data | | | 0.4318181818181818
RT_MANIFEST | 0x2b12d8 | 0x2a5 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5199409158050221
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                  Jan 8, 2025 20:17:24.083189964 CET49722443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.083237886 CET44349722104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.083605051 CET49722443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.083929062 CET49720443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.083954096 CET44349720104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.084152937 CET49722443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.084172010 CET44349722104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.089142084 CET49723443192.168.2.17104.17.25.14
                                                                                                                                                                                  Jan 8, 2025 20:17:24.089176893 CET44349723104.17.25.14192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.089245081 CET49723443192.168.2.17104.17.25.14
                                                                                                                                                                                  Jan 8, 2025 20:17:24.089456081 CET49723443192.168.2.17104.17.25.14
                                                                                                                                                                                  Jan 8, 2025 20:17:24.089469910 CET44349723104.17.25.14192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.090352058 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.090377092 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.090441942 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.090686083 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.090703011 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.091000080 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.091018915 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.091059923 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.092741013 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.092756033 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.138318062 CET49720443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.166265011 CET4434972145.33.84.9192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.166347027 CET49721443192.168.2.1745.33.84.9
                                                                                                                                                                                  Jan 8, 2025 20:17:24.169995070 CET49721443192.168.2.1745.33.84.9
                                                                                                                                                                                  Jan 8, 2025 20:17:24.170006990 CET4434972145.33.84.9192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.170233965 CET4434972145.33.84.9192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.198086977 CET4434971545.33.84.9192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.198307037 CET4434971545.33.84.9192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.198385000 CET49715443192.168.2.1745.33.84.9
                                                                                                                                                                                  Jan 8, 2025 20:17:24.205060005 CET49715443192.168.2.1745.33.84.9
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209254026 CET44349720104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209309101 CET44349720104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209351063 CET44349720104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209371090 CET49720443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209393978 CET44349720104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209434986 CET44349720104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209470987 CET44349720104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209484100 CET49720443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209491014 CET44349720104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209513903 CET49720443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209814072 CET44349720104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.209867954 CET49720443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.211986065 CET49720443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.212003946 CET44349720104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.217341900 CET49721443192.168.2.1745.33.84.9
                                                                                                                                                                                  Jan 8, 2025 20:17:24.330812931 CET49721443192.168.2.1745.33.84.9
                                                                                                                                                                                  Jan 8, 2025 20:17:24.371340990 CET4434972145.33.84.9192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.434595108 CET4434972145.33.84.9192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.438112020 CET49721443192.168.2.1745.33.84.9
                                                                                                                                                                                  Jan 8, 2025 20:17:24.438127995 CET4434972145.33.84.9192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.544013023 CET44349722104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.544359922 CET49722443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.544403076 CET44349722104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.544754028 CET44349722104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.545147896 CET49722443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.545221090 CET44349722104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.545319080 CET49722443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:24.550925970 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.551220894 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.551255941 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.552282095 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.552356958 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.560298920 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.560384035 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.561106920 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.561119080 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.564914942 CET44349723104.17.25.14192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.565140009 CET49723443192.168.2.17104.17.25.14
                                                                                                                                                                                  Jan 8, 2025 20:17:24.565165997 CET44349723104.17.25.14192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.565844059 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.566246033 CET44349723104.17.25.14192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.566303968 CET49723443192.168.2.17104.17.25.14
                                                                                                                                                                                  Jan 8, 2025 20:17:24.566343069 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.566353083 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.568484068 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.568557978 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.576262951 CET49723443192.168.2.17104.17.25.14
                                                                                                                                                                                  Jan 8, 2025 20:17:24.576356888 CET44349723104.17.25.14192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.576447964 CET49723443192.168.2.17104.17.25.14
                                                                                                                                                                                  Jan 8, 2025 20:17:24.576468945 CET44349723104.17.25.14192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.576849937 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.576944113 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.576984882 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.587342024 CET44349722104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.616338015 CET49723443192.168.2.17104.17.25.14
                                                                                                                                                                                  Jan 8, 2025 20:17:24.616344929 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.616353989 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.616377115 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.664340019 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.674041986 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.674546957 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.674622059 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.674628019 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.674639940 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.674806118 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.674813986 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.674885988 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.675045967 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.675072908 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.675115108 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.675123930 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.675146103 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.675745964 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.675808907 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.675817013 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.690463066 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.690538883 CET49725443192.168.2.17151.101.2.137
                                                                                                                                                                                  Jan 8, 2025 20:17:24.690556049 CET44349725151.101.2.137192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.693332911 CET44349723104.17.25.14192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.693384886 CET44349723104.17.25.14192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.693454027 CET49723443192.168.2.17104.17.25.14
                                                                                                                                                                                  Jan 8, 2025 20:17:24.870906115 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.870923996 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.870934963 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871052980 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871062040 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871073008 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871095896 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871524096 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871565104 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871578932 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871589899 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871618986 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871798992 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871838093 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871853113 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.871893883 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.872365952 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.872421980 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.872582912 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.872622013 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.872629881 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.872648954 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.872670889 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.873236895 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.873296022 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.873311043 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.873379946 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.873416901 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.873425961 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.916656971 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.916729927 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.916759014 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.917026043 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.956798077 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.956872940 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.956877947 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.956898928 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.956928968 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.956954002 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957083941 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957133055 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957250118 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957293987 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957417965 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957464933 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957672119 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957704067 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957725048 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957732916 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.957793951 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958137989 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958194017 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958203077 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958247900 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958293915 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958298922 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958447933 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958491087 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958498001 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958539963 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958616972 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958761930 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958791971 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.958888054 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.962173939 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.984999895 CET49724443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:24.985028982 CET44349724104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.147588968 CET49729443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:25.147631884 CET44349729104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.147712946 CET49729443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:25.148370981 CET49729443192.168.2.17104.18.2.200
                                                                                                                                                                                  Jan 8, 2025 20:17:25.148384094 CET44349729104.18.2.200192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.181973934 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.182594061 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.182626009 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.183727026 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.183799982 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.184947968 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.185015917 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.185219049 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.185228109 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.237343073 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.282943964 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.283010006 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.283041954 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.283071995 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.283086061 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.283113003 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.283123970 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.289967060 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.290011883 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.290019035 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.290039062 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.290113926 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.290127993 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.290175915 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.290220976 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.290229082 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.297847033 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.297910929 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.297930002 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.334067106 CET44349728104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.336487055 CET49728443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:25.336513996 CET44349728104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.336863041 CET44349728104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.337354898 CET49728443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:25.337428093 CET44349728104.18.10.207192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.337622881 CET49728443192.168.2.17104.18.10.207
                                                                                                                                                                                  Jan 8, 2025 20:17:25.349322081 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.371598959 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.371711016 CET44349727151.101.1.229192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.371758938 CET49727443192.168.2.17151.101.1.229
                                                                                                                                                                                  Jan 8, 2025 20:17:25.371968985 CET49727443192.168.2.17151.101.1.229
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                  Jan 8, 2025 20:17:24.704238892 CET5230053192.168.2.171.1.1.1
                                                                                                                                                                                  Jan 8, 2025 20:17:24.704935074 CET5483253192.168.2.171.1.1.1
                                                                                                                                                                                  Jan 8, 2025 20:17:24.712012053 CET53548321.1.1.1192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:24.712122917 CET53523001.1.1.1192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:25.175801039 CET53571081.1.1.1192.168.2.17
                                                                                                                                                                                  Jan 8, 2025 20:17:50.622386932 CET6156953192.168.2.171.1.1.1
                                                                                                                                                                                  Jan 8, 2025 20:17:50.639169931 CET53615691.1.1.1192.168.2.17
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 8, 2025 20:17:01.440500975 CET | 192.168.2.17 | 1.1.1.1 | 0xef79 | Standard query (0) | apb.thisilient.com | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:20.750051975 CET | 192.168.2.17 | 1.1.1.1 | 0xb5b9 | Standard query (0) | sts.thisilient.com | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:23.280003071 CET | 192.168.2.17 | 1.1.1.1 | 0x7e10 | Standard query (0) | can.thisilient.com | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:23.359961033 CET | 192.168.2.17 | 1.1.1.1 | 0xe33d | Standard query (0) | www.zipthisapp.com | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:23.360131979 CET | 192.168.2.17 | 1.1.1.1 | 0x3d34 | Standard query (0) | www.zipthisapp.com | 65 | IN (0x0001) | false
Jan 8, 2025 20:17:24.081633091 CET | 192.168.2.17 | 1.1.1.1 | 0x1e2f | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.081866026 CET | 192.168.2.17 | 1.1.1.1 | 0x14cf | Standard query (0) | cdnjs.cloudflare.com | 65 | IN (0x0001) | false
Jan 8, 2025 20:17:24.082423925 CET | 192.168.2.17 | 1.1.1.1 | 0x80dc | Standard query (0) | stackpath.bootstrapcdn.com | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.082597971 CET | 192.168.2.17 | 1.1.1.1 | 0xd385 | Standard query (0) | stackpath.bootstrapcdn.com | 65 | IN (0x0001) | false
Jan 8, 2025 20:17:24.083554983 CET | 192.168.2.17 | 1.1.1.1 | 0x5849 | Standard query (0) | code.jquery.com | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.083790064 CET | 192.168.2.17 | 1.1.1.1 | 0xdea8 | Standard query (0) | code.jquery.com | 65 | IN (0x0001) | false
Jan 8, 2025 20:17:24.704238892 CET | 192.168.2.17 | 1.1.1.1 | 0x1ae6 | Standard query (0) | cdn.jsdelivr.net | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.704935074 CET | 192.168.2.17 | 1.1.1.1 | 0xe3ec | Standard query (0) | cdn.jsdelivr.net | 65 | IN (0x0001) | false
Jan 8, 2025 20:17:50.622386932 CET | 192.168.2.17 | 1.1.1.1 | 0x22a6 | Standard query (0) | tzpdld.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 8, 2025 20:17:01.464534998 CET | 1.1.1.1 | 192.168.2.17 | 0xef79 | No error (0) | apb.thisilient.com | | 45.33.84.9 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:20.797825098 CET | 1.1.1.1 | 192.168.2.17 | 0xb5b9 | No error (0) | sts.thisilient.com | | 45.33.84.9 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:23.308286905 CET | 1.1.1.1 | 192.168.2.17 | 0x7e10 | No error (0) | can.thisilient.com | | 45.33.84.9 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:23.396286011 CET | 1.1.1.1 | 192.168.2.17 | 0xe33d | No error (0) | www.zipthisapp.com | | 104.18.2.200 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:23.396286011 CET | 1.1.1.1 | 192.168.2.17 | 0xe33d | No error (0) | www.zipthisapp.com | | 104.18.3.200 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:23.406079054 CET | 1.1.1.1 | 192.168.2.17 | 0x3d34 | No error (0) | www.zipthisapp.com | | | 65 | IN (0x0001) | false
Jan 8, 2025 20:17:24.088440895 CET | 1.1.1.1 | 192.168.2.17 | 0x1e2f | No error (0) | cdnjs.cloudflare.com | | 104.17.25.14 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.088440895 CET | 1.1.1.1 | 192.168.2.17 | 0x1e2f | No error (0) | cdnjs.cloudflare.com | | 104.17.24.14 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.088768959 CET | 1.1.1.1 | 192.168.2.17 | 0x14cf | No error (0) | cdnjs.cloudflare.com | | | 65 | IN (0x0001) | false
Jan 8, 2025 20:17:24.089303970 CET | 1.1.1.1 | 192.168.2.17 | 0x80dc | No error (0) | stackpath.bootstrapcdn.com | | 104.18.10.207 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.089303970 CET | 1.1.1.1 | 192.168.2.17 | 0x80dc | No error (0) | stackpath.bootstrapcdn.com | | 104.18.11.207 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.089555979 CET | 1.1.1.1 | 192.168.2.17 | 0xd385 | No error (0) | stackpath.bootstrapcdn.com | | | 65 | IN (0x0001) | false
Jan 8, 2025 20:17:24.090317011 CET | 1.1.1.1 | 192.168.2.17 | 0x5849 | No error (0) | code.jquery.com | | 151.101.2.137 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.090317011 CET | 1.1.1.1 | 192.168.2.17 | 0x5849 | No error (0) | code.jquery.com | | 151.101.66.137 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.090317011 CET | 1.1.1.1 | 192.168.2.17 | 0x5849 | No error (0) | code.jquery.com | | 151.101.130.137 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.090317011 CET | 1.1.1.1 | 192.168.2.17 | 0x5849 | No error (0) | code.jquery.com | | 151.101.194.137 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.712012053 CET | 1.1.1.1 | 192.168.2.17 | 0xe3ec | No error (0) | cdn.jsdelivr.net | jsdelivr.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 8, 2025 20:17:24.712122917 CET | 1.1.1.1 | 192.168.2.17 | 0x1ae6 | No error (0) | cdn.jsdelivr.net | jsdelivr.map.fastly.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 8, 2025 20:17:24.712122917 CET | 1.1.1.1 | 192.168.2.17 | 0x1ae6 | No error (0) | jsdelivr.map.fastly.net | | 151.101.1.229 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.712122917 CET | 1.1.1.1 | 192.168.2.17 | 0x1ae6 | No error (0) | jsdelivr.map.fastly.net | | 151.101.129.229 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.712122917 CET | 1.1.1.1 | 192.168.2.17 | 0x1ae6 | No error (0) | jsdelivr.map.fastly.net | | 151.101.65.229 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:24.712122917 CET | 1.1.1.1 | 192.168.2.17 | 0x1ae6 | No error (0) | jsdelivr.map.fastly.net | | 151.101.193.229 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 20:17:50.639169931 CET | 1.1.1.1 | 192.168.2.17 | 0x22a6 | No error (0) | tzpdld.com | | 5.161.105.73 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                  • apb.thisilient.com
                                                                                                                                                                                  • sts.thisilient.com
                                                                                                                                                                                  • can.thisilient.com
                                                                                                                                                                                  • www.zipthisapp.com
                                                                                                                                                                                  • https:
                                                                                                                                                                                    • stackpath.bootstrapcdn.com
                                                                                                                                                                                    • cdnjs.cloudflare.com
                                                                                                                                                                                    • code.jquery.com
                                                                                                                                                                                    • cdn.jsdelivr.net
                                                                                                                                                                                  • tzpdld.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.17 | 49705 | 45.33.84.9 | 443 | 6920 | C:\Users\user\Desktop\ZipThis.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:02 UTC | 154 | OUT | POST /v6 HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: apb.thisilient.com
Content-Length: 88
Expect: 100-continue
Connection: Keep-Alive
2025-01-08 19:17:02 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-08 19:17:02 UTC | 88 | OUT | Data Ascii: HQENBgZfVwUBSAECVgAfUgcIBhoFAAdRTFAKDl0AWlNTUwEABxYHU1JRCAYBBAFfUQkHAFUHSVpRVwIAUgZRVg==
2025-01-08 19:17:02 UTC | 192 | IN | HTTP/1.1 200 OK
Content-Type: application/json;charset=ISO-8859-1
Date: Wed, 08 Jan 2025 19:17:02 GMT
Server: Nginx
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2025-01-08 19:17:02 UTC | 569 | IN | Data Ascii: 232"HQdwFAoFU11cXllVREpWRFtdVhUAAx0EcRcACgALUFwEAQUCFQQKVwEaBFdUAR0KBwgEHQZXDgBQBA0OAwZRCRUAAx0FcxcAClFRRVFYXkEXCgIXAnkSBXAXD3IXAwpdRV9CbFFQXV0SAgAXC3EXBHoSBXYXCnMXAwpURUFGV114RFVHFQAAHQNzV1lbQ1cXCnMXAwpaWV9XbElCVB0FAhcBeRUAA1lHQF5bW1FGWFdZFQB0V1NGVEwaQ
2025-01-08 19:17:02 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.17 | 49706 | 45.33.84.9 | 443 | 6920 | C:\Users\user\Desktop\ZipThis.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:04 UTC | 130 | OUT | POST /v6 HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: apb.thisilient.com
Content-Length: 88
Expect: 100-continue
2025-01-08 19:17:04 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-08 19:17:04 UTC | 88 | OUT | Data Ascii: HQENBgZfVwUBSAECVgAfUgcIBhoFAAdRTFAKDl0AWlNTUwEABxYHU1JRCAYBBAFfUQkHAFUHSVNWUQMPUw5bUAQ=
2025-01-08 19:17:04 UTC | 192 | IN | HTTP/1.1 200 OK
Content-Type: application/json;charset=ISO-8859-1
Date: Wed, 08 Jan 2025 19:17:04 GMT
Server: Nginx
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2025-01-08 19:17:04 UTC | 569 | IN | Data Ascii: 232"FAB2FQUEW1daUFhQQUJWQlFXWhMDBREDdhMKCgQPUFMHAQAGFQwMUAgaAFVRDxUAAgYCGgBVAQZaDQEPAgNXARIECh0GdRQFBlFUQlFXWkUUBQYVBHcdDXYTBnURAgVcTVVEYlBVWFUSBAodB3cUAnYVAnIdCncTAwVXRURCV1V+Q1xHEQIFEwt5UlddRFEVBXUdCgZbWFpRZE5GXR0GBBQEdRUFBFlIRFpYVFVEXllWHQZwXlRAVUMbS
2025-01-08 19:17:04 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.17 | 49714 | 45.33.84.9 | 443 | 6920 | C:\Users\user\Desktop\ZipThis.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:21 UTC | 96 | OUT | GET /st HTTP/1.1
X-Event-Type: conversion
Host: sts.thisilient.com
Connection: Keep-Alive
2025-01-08 19:17:21 UTC | 169 | IN | HTTP/1.1 400 Bad Request
Content-Length: 2
Content-Type: application/json;charset=ISO-8859-1
Date: Wed, 08 Jan 2025 19:17:21 GMT
Server: Nginx
Connection: close
2025-01-08 19:17:21 UTC | 2 | IN | Data Ascii: {}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.17 | 49715 | 45.33.84.9 | 443 | 6920 | C:\Users\user\Desktop\ZipThis.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:23 UTC | 154 | OUT | POST /r HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: can.thisilient.com
Content-Length: 708
Expect: 100-continue
Connection: Keep-Alive
2025-01-08 19:17:23 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-08 19:17:23 UTC | 708 | OUT |
                                                                                                                                                                                  Data Ascii: V0FcXUBmWAUPAA1VWFtXCBVvWlkXRQcODQRHUQpYPAhdUB9aWkpCBQ4JVURrQFcKBFFAUjtHAxASDFxWWAdTSgMZCwsaCAZWRARARmtbVltQBwMDXAFTVFJcAwFRAVJSFEJKVkZmXwBfUwQDBlRTBwIdAgMGA0tWB10GFQQHAlcfAgAFDA8PUwMBCAUHFEEFE1VWWTtDAxEOCUZMDFkNWQMFAQNMCAZWVkNTXlVcXAMNb1pTWQFAEQ4QQVsAaQo
2025-01-08 19:17:24 UTC | 190 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Date: Wed, 08 Jan 2025 19:17:24 GMT
Server: Nginx
Vary: Accept-Encoding
Via: 1.1 google
Connection: close
Transfer-Encoding: chunked
2025-01-08 19:17:24 UTC | 65 | IN | Data Ascii: 3b{"message":"Ok from report post service POST","status":200}
2025-01-08 19:17:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.17 | 49719 | 104.18.2.200 | 443 | 5924 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:23 UTC | 707 | OUT | GET /success?u=6452faac-14b2-4f85-a1a3-5968697ad833 HTTP/1.1
Host: www.zipthisapp.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-08 19:17:24 UTC | 455 | IN | HTTP/1.1 200 OK
Date: Wed, 08 Jan 2025 19:17:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Mon, 06 Jan 2025 08:02:35 GMT
x-amz-server-side-encryption: AES256
X-Cache: MISS from ip-10-14-20-149.ec2.internal
X-Cache-Lookup: MISS from ip-10-14-20-149.ec2.internal:80
Cache-Control: public, max-age=900
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8fee8708ae090f3d-EWR
2025-01-08 19:17:24 UTC | 914 | IN | Data Ascii: f97<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Zip This - Successfully Updated</title> ... Link Favicon --> <link rel="icon" href="asse
2025-01-08 19:17:24 UTC | 1369 | IN | Data Ascii: c = true; j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-WDH55T65');</script> ... End Google Tag Manager --></head><body> ...
2025-01-08 19:17:24 UTC | 1369 | IN | Data Ascii: v class="blocks-card-wrapper px-4 py-1 mx-5"> <div class="mt-4">02</div> <h4 class="pt-1">Launch Our App</h4> <p>Double-click on the ZipThis icon to launch the app. </p>
2025-01-08 19:17:24 UTC | 346 | IN | Data Ascii: dn.jsdelivr.net/npm/@popperjs/core@2.5.2/dist/umd/popper.min.js"></script> <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> <script src="assets/script.js"></script> <script> window.onload =
2025-01-08 19:17:24 UTC | 6 | IN | Data Raw: 31 0d 0a 0a 0d 0a
Data Ascii: 1
2025-01-08 19:17:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.17 | 49720 | 104.18.2.200 | 443 | 5924 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:24 UTC | 600 | OUT | GET /assets/css/main.css HTTP/1.1
Host: www.zipthisapp.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-08 19:17:24 UTC | 498 | IN | HTTP/1.1 200 OK
Date: Wed, 08 Jan 2025 19:17:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: close
Last-Modified: Mon, 06 Jan 2025 08:02:33 GMT
x-amz-server-side-encryption: AES256
X-Cache: HIT from ip-10-14-20-149.ec2.internal
X-Cache-Lookup: HIT from ip-10-14-20-149.ec2.internal:80
Cache-Control: public, max-age=14400
Vary: Accept-Encoding
CF-Cache-Status: REVALIDATED
Expires: Wed, 08 Jan 2025 23:17:24 GMT
Server: cloudflare
CF-RAY: 8fee8709db01de97-EWR
2025-01-08 19:17:24 UTC | 871 | IN | Data Ascii: 22b4@import url('https://fonts.googleapis.com/css2?family=DM+Sans:wght@400;500;700&display=swap');/* colors */.main-background { background: #221151;}.secondary-color { color: #5D25FC;}.light-color { color: #E5E5E5;}.dark-color {
2025-01-08 19:17:24 UTC | 1369 | IN | Data Ascii: -left: auto; display: flex; align-items: center; font-size: 22px; font-weight: 400; gap:50px; font-family: Arial;}.header-links a { color: white; gap:50px;}.header-links a:hover,.header-links a.selected { color: #8
2025-01-08 19:17:24 UTC | 1369 | IN | Data Ascii: idth:100%; background: url("../images/hero-shapes.png") center center no-repeat; background-size: cover; margin: 0 auto;}.hero h1 { font-size: 3.2vw; font-weight: 700; line-height: 80px;}.hero p { font-size: 1.3vw; font
2025-01-08 19:17:24 UTC | 1369 | IN | Data Ascii: : 140px;}#item3d-5 { top: 15%; right: 25%; width: 80px;}#item3d-6 { top: 50%; left: 20%; width: 150px;}.so-block { margin: 50px; margin-top: 20px;}/*indicator*/#indicator { position: fixed; top: 20px; r
                                                                                                                                                                                  2025-01-08 19:17:24 UTC1369INData Raw: 6c 6f 63 6b 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 2e 6c 65 67 61 6c 73 2d 62 6c 6f 63 6b 20 68 32 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 75 70 70 65 72 63 61 73 65 3b 0a 7d 0a 2f 2a 20 63 6f 6e 74 65 6e 74 20 2a 2f 0a 2e 63 6f 6e 74 65 6e 74 2d 63 61 72 64 2d 77 72 61 70 70 65 72 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78
                                                                                                                                                                                  Data Ascii: lock a:hover { text-decoration: underline;}.legals-block h2 { margin-bottom: 10px; margin-top: 30px; font-size: 18px; font-weight: 700; text-transform:uppercase;}/* content */.content-card-wrapper { display: flex; flex
                                                                                                                                                                                  2025-01-08 19:17:24 UTC1369INData Raw: 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 30 70 78 3b 0a 7d 0a 2e 63 6f 6e 74 65 6e 74 20 2e 63 61 72 64 2e 63 61 72 64 2d 6f 70 65 6e 65 64 20 64 69 76 20 70 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 7d 0a 2e 63 6f 6e 74 65 6e 74 20 2e 63 61 72 64 2e 63 61 72 64 2d 6f 70 65 6e 65 64 20 2e 72 6f 75 6e 64 2d 62 6c 6f 63 6b 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 7d 0a 2e 63 6f 6e 74 65 6e 74 20 2e 63 61 72 64 2e 63 61 72 64 2d 6f 70 65 6e 65 64 20 69 6d 67 2e 61 72 72 6f 77 2d 62 74 74 6e 20 7b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 2d 31 38 30 64 65 67 29 3b 0a 20 20 20 20 74 72 61 6e 73 69 74 69 6f 6e 3a 20 74 72 61 6e 73 66 6f 72 6d 20 30 2e 35 73 20 65 61 73 65 3b 0a
                                                                                                                                                                                  Data Ascii: margin-top: 20px;}.content .card.card-opened div p { font-size: 18px;}.content .card.card-opened .round-block { display: none;}.content .card.card-opened img.arrow-bttn { transform: rotate(-180deg); transition: transform 0.5s ease;
                                                                                                                                                                                  2025-01-08 19:17:24 UTC1176INData Raw: 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 31 30 70 78 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 32 35 30 70 78 3b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 7d 0a 2e 62 6c 6f 63 6b 73 2d 63 61 72 64 2d 77 72 61 70 70 65 72 20 64 69 76 20 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 35 30 70 78 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 32 31 31 35 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 38 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 34 70 78 20 73 6f 6c 69 64 20 23 32 32 31 31 35 31 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 35 30 70 78 3b 0a 7d 0a 2e 62 6c 6f 63 6b 73 2d 63 61 72 64 2d 77 72 61 70 70
                                                                                                                                                                                  Data Ascii: border-radius: 10px; height: 250px; overflow: hidden;}.blocks-card-wrapper div { width: 50px; color: #221151; font-size: 38px; font-weight: 700; border-bottom: 4px solid #221151; line-height: 50px;}.blocks-card-wrapp
                                                                                                                                                                                  2025-01-08 19:17:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.17 | 49721 | 45.33.84.9 | 443 | 6288 | C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:24 UTC | 154 | OUT | POST /r HTTP/1.1
Content-Type: text/plain; charset=utf-8
Host: can.thisilient.com
Content-Length: 148
Expect: 100-continue
Connection: Keep-Alive
2025-01-08 19:17:24 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-08 19:17:24 UTC | 148 | OUT | Data Raw: 56 30 46 63 58 55 42 6d 57 41 55 50 41 41 31 59 56 55 5a 62 45 41 52 76 55 6b 63 55 62 68 4d 52 41 41 4a 57 48 68 42 46 42 68 5a 74 58 6c 30 4f 41 67 30 44 56 67 51 45 55 56 55 5a 41 77 59 45 55 78 30 48 55 56 77 45 53 77 4e 51 42 41 41 56 55 41 39 56 58 41 51 4f 44 6c 4a 51 41 51 56 58 52 41 52 41 52 6d 74 62 56 6c 74 51 42 77 4d 44 58 41 46 54 56 46 4a 63 41 77 46 52 41 56 4a 53 46 46 4a 50 56 6c 70 4e 43 79 73 53 41 46 35 54 55 41 3d 3d
Data Ascii: V0FcXUBmWAUPAA1YVUZbEARvUkcUbhMRAAJWHhBFBhZtXl0OAg0DVgQEUVUZAwYEUx0HUVwESwNQBAAVUA9VXAQODlJQAQVXRARARmtbVltQBwMDXAFTVFJcAwFRAVJSFFJPVlpNCysSAF5TUA==
2025-01-08 19:17:24 UTC | 190 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Date: Wed, 08 Jan 2025 19:17:24 GMT
Server: Nginx
Vary: Accept-Encoding
Via: 1.1 google
Connection: close
Transfer-Encoding: chunked
2025-01-08 19:17:24 UTC | 65 | IN | Data Raw: 33 62 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 4f 6b 20 66 72 6f 6d 20 72 65 70 6f 72 74 20 70 6f 73 74 20 73 65 72 76 69 63 65 20 50 4f 53 54 22 2c 22 73 74 61 74 75 73 22 3a 32 30 30 7d 0d 0a
Data Ascii: 3b{"message":"Ok from report post service POST","status":200}
2025-01-08 19:17:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.17 | 49722 | 104.18.2.200 | 443 | 5924 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:24 UTC | 650 | OUT | GET /assets/images/256px.png HTTP/1.1
Host: www.zipthisapp.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-08 19:17:24 UTC | 492 | IN | HTTP/1.1 200 OK
Date: Wed, 08 Jan 2025 19:17:24 GMT
Content-Type: image/png
Content-Length: 1838
Connection: close
Last-Modified: Mon, 06 Jan 2025 08:02:33 GMT
x-amz-server-side-encryption: AES256
X-Cache: HIT from ip-10-14-20-149.ec2.internal
X-Cache-Lookup: HIT from ip-10-14-20-149.ec2.internal:80
Cache-Control: public, max-age=14400
CF-Cache-Status: REVALIDATED
Expires: Wed, 08 Jan 2025 23:17:24 GMT
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 8fee870ceb8c7cb4-EWR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.17 | 49724 | 104.18.10.207 | 443 | 5924 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:24 UTC | 579 | OUT | GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://www.zipthisapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-08 19:17:24 UTC | 952 | IN | HTTP/1.1 200 OK
Date: Wed, 08 Jan 2025 19:17:24 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: close
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: US
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31919000
ETag: W/"816af0eddd3b4822c2756227c7e7b7ee"
Last-Modified: Mon, 25 Jan 2021 22:04:11 GMT
CDN-ProxyVer: 1.06
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 200
CDN-CachedAt: 11/22/2024 23:02:21
CDN-EdgeStorageId: 1067
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
CDN-Status: 200
CDN-RequestTime: 0
CDN-RequestId: 8338118a232be829937a6300edbdeedc
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 889358
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8fee870cfc480f69-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.17 | 49723 | 104.17.25.14 | 443 | 5924 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:24 UTC | 579 | OUT | GET /ajax/libs/normalize/8.0.1/normalize.min.css HTTP/1.1
                                                                                                                                                                                  Host: cdnjs.cloudflare.com
                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                  Accept: text/css,*/*;q=0.1
                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                  Sec-Fetch-Dest: style
                                                                                                                                                                                  Referer: https://www.zipthisapp.com/
                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2025-01-08 19:17:24 UTC | 946 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                  Date: Wed, 08 Jan 2025 19:17:24 GMT
                                                                                                                                                                                  Content-Type: text/css; charset=utf-8
                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                  Cache-Control: public, max-age=30672000
                                                                                                                                                                                  ETag: W/"5eb03f2b-745"
                                                                                                                                                                                  Last-Modified: Mon, 04 May 2020 16:13:31 GMT
                                                                                                                                                                                  cf-cdnjs-via: cfworker/kv
                                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                  Timing-Allow-Origin: *
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                                                                  Age: 1160327
                                                                                                                                                                                  Expires: Mon, 29 Dec 2025 19:17:24 GMT
                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mWEKcJ49n167aFmVD7AC7AFwJ1o2%2FCGJWlqmnX6heKwKl4DEPlET3lonPCCQ2w%2BlpjXpUsbJIHcby%2Fg8gmgluppVN2QT89ILzIc7NwOPMAj%2FJ21dAUYQOufuczkoOkMflwYTgIbm"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                  NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                  Strict-Transport-Security: max-age=15780000
                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                  CF-RAY: 8fee870cfa837ca0-EWR
                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.17 | 49725 | 151.101.2.137 | 443 | 5924 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:24 UTC | 541 | OUT | GET /jquery-3.5.1.slim.min.js HTTP/1.1
                                                                                                                                                                                  Host: code.jquery.com
                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                                  Referer: https://www.zipthisapp.com/
                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2025-01-08 19:17:24 UTC | 611 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Content-Length: 72380
                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                  Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                  Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
                                                                                                                                                                                  ETag: "28feccc0-11abc"
                                                                                                                                                                                  Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                  Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                  Age: 718062
                                                                                                                                                                                  Date: Wed, 08 Jan 2025 19:17:24 GMT
                                                                                                                                                                                  X-Served-By: cache-lga21954-LGA, cache-ewr-kewr1740051-EWR
                                                                                                                                                                                  X-Cache: HIT, HIT
                                                                                                                                                                                  X-Cache-Hits: 511, 0
                                                                                                                                                                                  X-Timer: S1736363845.630490,VS0,VE1
                                                                                                                                                                                  Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.17 | 49727 | 151.101.1.229 | 443 | 5924 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:25 UTC | 565 | OUT | GET /npm/@popperjs/core@2.5.2/dist/umd/popper.min.js HTTP/1.1
                                                                                                                                                                                  Host: cdn.jsdelivr.net
                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                                  Referer: https://www.zipthisapp.com/
                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2025-01-08 19:17:25 UTC | 775 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Content-Length: 18309
                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                  Access-Control-Expose-Headers: *
                                                                                                                                                                                  Timing-Allow-Origin: *
                                                                                                                                                                                  Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable
                                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                  Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                  X-JSD-Version: 2.5.2
                                                                                                                                                                                  X-JSD-Version-Type: version
                                                                                                                                                                                  ETag: W/"4785-1nNOLfRgVlbAQdjbsczfWaJjx/0"
                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                  Age: 2488474
                                                                                                                                                                                  Date: Wed, 08 Jan 2025 19:17:25 GMT
                                                                                                                                                                                  X-Served-By: cache-fra-eddf8230131-FRA, cache-nyc-kteb1890072-NYC
                                                                                                                                                                                  X-Cache: HIT, HIT
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
                                                                                                                                                                                  Data Ascii: ,["auto"]).reduce((function(e,t){return e.concat([t,t+"-start",t+"-end"])}),[]),N="beforeRead read afterRead beforeMain main afterMain beforeWrite write afterWrite".split(" "),V={placement:"bottom",modifiers:[],strategy:"absolute"},I={passive:!0},_={name:
                                                                                                                                                                                  2025-01-08 19:17:25 UTC1378INData Raw: 73 74 79 6c 65 73 2e 70 6f 70 70 65 72 29 2c 57 28 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 7d 2c 65 29 2c 7b 7d 2c 7b 6f 66 66 73 65 74 73 3a 74 2e 6d 6f 64 69 66 69 65 72 73 44 61 74 61 2e 70 6f 70 70 65 72 4f 66 66 73 65 74 73 2c 70 6f 73 69 74 69 6f 6e 3a 74 2e 6f 70 74 69 6f 6e 73 2e 73 74 72 61 74 65 67 79 2c 61 64 61 70 74 69 76 65 3a 6e 7d 29 29 29 29 2c 6e 75 6c 6c 21 3d 74 2e 6d 6f 64 69 66 69 65 72 73 44 61 74 61 2e 61 72 72 6f 77 26 26 28 74 2e 73 74 79 6c 65 73 2e 61 72 72 6f 77 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 7b 7d 2c 74 2e 73 74 79 6c 65 73 2e 61 72 72 6f 77 29 2c 57 28 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 4f 62 6a 65 63 74 2e 61 73 73
                                                                                                                                                                                  Data Ascii: styles.popper),W(Object.assign(Object.assign({},e),{},{offsets:t.modifiersData.popperOffsets,position:t.options.strategy,adaptive:n})))),null!=t.modifiersData.arrow&&(t.styles.arrow=Object.assign(Object.assign({},t.styles.arrow),W(Object.assign(Object.ass
                                                                                                                                                                                  2025-01-08 19:17:25 UTC1378INData Raw: 53 74 79 6c 65 73 22 5d 7d 2c 59 3d 7b 6e 61 6d 65 3a 22 6f 66 66 73 65 74 22 2c 65 6e 61 62 6c 65 64 3a 21 30 2c 70 68 61 73 65 3a 22 6d 61 69 6e 22 2c 72 65 71 75 69 72 65 73 3a 5b 22 70 6f 70 70 65 72 4f 66 66 73 65 74 73 22 5d 2c 66 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 2e 73 74 61 74 65 2c 6e 3d 65 2e 6e 61 6d 65 2c 72 3d 76 6f 69 64 20 30 3d 3d 3d 28 65 3d 65 2e 6f 70 74 69 6f 6e 73 2e 6f 66 66 73 65 74 29 3f 5b 30 2c 30 5d 3a 65 2c 6f 3d 28 65 3d 43 2e 72 65 64 75 63 65 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 6f 3d 74 2e 72 65 63 74 73 2c 69 3d 79 28 6e 29 2c 61 3d 30 3c 3d 5b 22 6c 65 66 74 22 2c 22 74 6f 70 22 5d 2e 69 6e 64 65 78 4f 66 28 69 29 3f 2d 31 3a 31 2c 73 3d 22 66 75 6e 63 74 69 6f 6e 22 3d
                                                                                                                                                                                  Data Ascii: Styles"]},Y={name:"offset",enabled:!0,phase:"main",requires:["popperOffsets"],fn:function(e){var t=e.state,n=e.name,r=void 0===(e=e.options.offset)?[0,0]:e,o=(e=C.reduce((function(e,n){var o=t.rects,i=y(n),a=0<=["left","top"].indexOf(i)?-1:1,s="function"=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.17 | 49728 | 104.18.10.207 | 443 | 5924 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:25 UTC | 563 | OUT | GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://www.zipthisapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2025-01-08 19:17:25 UTC | 967 | IN | HTTP/1.1 200 OK
Date: Wed, 08 Jan 2025 19:17:25 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: close
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: US
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31919000
ETag: W/"02d223393e00c273efdcb1ade8f4f8b1"
Last-Modified: Mon, 25 Jan 2021 22:04:11 GMT
CDN-ProxyVer: 1.07
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 200
CDN-CachedAt: 12/15/2024 14:03:42
CDN-EdgeStorageId: 1236
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
CDN-Status: 200
CDN-RequestTime: 0
CDN-RequestId: c7d60c73de883c2c6db07ae1bfdc8432
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 1068936
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8fee8711ea77c431-EWR
alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                  13192.168.2.17497335.161.105.73443704C:\Users\user\AppData\Local\ZipThis\Updater.exe
                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                  2025-01-08 19:17:51 UTC301OUTPOST /update/auth HTTP/1.1
                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                  Host: tzpdld.com
                                                                                                                                                                                  Content-Length: 663
                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                  Connection: Keep-Alive
2025-01-08 19:17:51 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-08 19:17:51 UTC | 663 | OUT |
                                                                                                                                                                                  Data Ascii: {"data":"772NwSDqSLSo2JAHmfWmCJ/BZeJRA0lPnB9yT/2vG5w7MYPwCggd7Ksp31+IxLArENUl5A52bTBswkWi5jwGQcD8JcFy58HcspE1X1lSoXqyBZkwOcI7KvXW6I+WYZImeR2qH+TTam5/340DZt8DwyQSoNOn4IBFv8f325h0GC0xtwzuhCQerGdqkaRu42tEjKnaDXi6Ys5/bPP0G18sqCJjQlXKAHHZlMcPK9bbW0MX1jbeVScn6T
2025-01-08 19:17:51 UTC | 353 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                  Date: Wed, 08 Jan 2025 19:17:51 GMT
                                                                                                                                                                                  Server: Nginx
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  X-Amz-Apigw-Id: EFVW9GoBoAMEBoA=
                                                                                                                                                                                  X-Amzn-Requestid: 23731798-ded4-4c4a-a414-3593850f05f9
                                                                                                                                                                                  X-Amzn-Trace-Id: Root=1-677ecf5f-4b0fdc03505664eb40e88b8f;Sampled=1;Lineage=1:41f2c0ed:0
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
2025-01-08 19:17:51 UTC | 726 | IN |
                                                                                                                                                                                  Data Ascii: 2cf{"code":200,"message":"OK","success":true,"timestamp":"Wed, 08 Jan 2025 19:17:51 GMT","token":"eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6ImZDUXFqNGpnaGs5ZGx2U3QiLCJ0YWciOiJaeHNIUFZvMnRxa3l4UGxOZHhRSGNBIiwiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.vlI_W-_KmzJRvg-CJZZuCPVAHu
2025-01-08 19:17:51 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.17 | 49734 | 5.161.105.73 | 443 | 704 | C:\Users\user\AppData\Local\ZipThis\Updater.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:17:52 UTC | 918 | OUT | GET /update/download HTTP/1.1
                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
                                                                                                                                                                                  Authorization: jwe eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6ImZDUXFqNGpnaGs5ZGx2U3QiLCJ0YWciOiJaeHNIUFZvMnRxa3l4UGxOZHhRSGNBIiwiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.vlI_W-_KmzJRvg-CJZZuCPVAHu-2owT_cQUP3ajek_voeZ8u-UgkH8P9ZXthzgMSBC2Q6ZqqQFGlS3MrnjXfmA.H8dzYBOzDfp9VV2qQ22zoQ.OtiWjUNnIY_MSvDJYVdmsIAgbwkS_vB5KheeYhks_PxB0fPizUvTC4tkPwX4D7J1Lhx8xOoRE3edkMGIBUGtex6A0jLVZbvGlTyxIufndTWukb6xOusbx2mSJywo2WTW1UtsUAHGvivmOCL1fEmJ0wJey-Ww__nGWY3WV-0iOWmzHzzzxX_53-0egfZy4vGP8vhHWxJYuMrDY_2sBXHH_g3vtgpj4P9DIQeuFzEOxDRAI6JSL4y1Eo2n3OL8DrlxqErqZl1UtOY7gqqQWDBBC9GrI2RkrFqNZTXZhp0qURipL2Rx0ojineljmuQFbkCO.yXUj1Zp0_EycPJi-EcZQWLselY2WKCUMdzd5ABXuU3w
                                                                                                                                                                                  Additional-Args: {"userID": "6452faac-14b2-4f85-a1a3-5968697ad833", "instDate": "2025-01-08 19:17:15"}
                                                                                                                                                                                  Host: tzpdld.com
2025-01-08 19:17:56 UTC | 331 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                  Content-Length: 95
                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                  Date: Wed, 08 Jan 2025 19:17:56 GMT
                                                                                                                                                                                  Server: Nginx
                                                                                                                                                                                  X-Amz-Apigw-Id: EFVXFFDtIAMEUcg=
                                                                                                                                                                                  X-Amzn-Requestid: accf34ef-22f5-4824-a1d1-634b6cff7503
                                                                                                                                                                                  X-Amzn-Trace-Id: Root=1-677ecf60-10ecb08c0ace5a652b3a43c7;Sampled=1;Lineage=1:41f2c0ed:0
                                                                                                                                                                                  Connection: close
2025-01-08 19:17:56 UTC | 95 | IN | Data Ascii: {"code":400,"message":"NO UPDATES","success":false,"timestamp":"Wed, 08 Jan 2025 19:17:56 GMT"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.17 | 49738 | 45.33.84.9 | 443 | 1472 | C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:18:16 UTC | 154 | OUT | POST /r HTTP/1.1
                                                                                                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                  Host: can.thisilient.com
                                                                                                                                                                                  Content-Length: 148
                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                  Connection: Keep-Alive
2025-01-08 19:18:16 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-08 19:18:16 UTC | 148 | OUT |
                                                                                                                                                                                  Data Ascii: V0FcXUBmWAUPAA1YVUZbEARvUkcUbhMRAAJWHhBFBhZtXl0OAg0DVgQEUVUZAwYEUx0HUVwESwNQBAAVUA9VXAQODlJQAQVXRARARmtbVltQBwMDXAFTVFJcAwFRAVJSFFJPVlpNCysSAF5TUA==
2025-01-08 19:18:17 UTC | 190 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                  Date: Wed, 08 Jan 2025 19:18:17 GMT
                                                                                                                                                                                  Server: Nginx
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  Via: 1.1 google
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
2025-01-08 19:18:17 UTC | 65 | IN | Data Ascii: 3b{"message":"Ok from report post service POST","status":200}
2025-01-08 19:18:17 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.17 | 49739 | 5.161.105.73 | 443 | 3748 | C:\Users\user\AppData\Local\ZipThis\Updater.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:18:31 UTC | 301 | OUT | POST /update/auth HTTP/1.1
                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                  Host: tzpdld.com
                                                                                                                                                                                  Content-Length: 663
                                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                                  Connection: Keep-Alive
2025-01-08 19:18:31 UTC | 25 | IN | HTTP/1.1 100 Continue
2025-01-08 19:18:31 UTC | 663 | OUT |
                                                                                                                                                                                  Data Ascii: {"data":"772NwSDqSLSo2JAHmfWmCJ0BNuvS3U0mhlqB+6v35eM7khQ1kqx6tn/VZipfKcRrvYJZB8Yt/GYKGmmMeWfG4D9gITLLGnnh89/EsepQ1T+7T4EOdWTXhjlChAH2VVRnFfFGEJNHEr4RjYJlGiHeCJ0N0qfnUrupUaSOI3a/V3R6A79ebJ914EI5ZAsuKCdYS+ehyS7YskLqhkh5deI6DOV6n7LWm1xWxtEd1hQkuV6dtc74tIJYxR
2025-01-08 19:18:31 UTC | 353 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                  Date: Wed, 08 Jan 2025 19:18:31 GMT
                                                                                                                                                                                  Server: Nginx
                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                  X-Amz-Apigw-Id: EFVdSFT1oAMEe0w=
                                                                                                                                                                                  X-Amzn-Requestid: 637c6dc0-d52b-4886-a20a-a35ee266a680
                                                                                                                                                                                  X-Amzn-Trace-Id: Root=1-677ecf87-270b870313cef07e7f6d4185;Sampled=1;Lineage=1:41f2c0ed:0
                                                                                                                                                                                  Connection: close
                                                                                                                                                                                  Transfer-Encoding: chunked
2025-01-08 19:18:31 UTC | 726 | IN |
                                                                                                                                                                                  Data Ascii: 2cf{"code":200,"message":"OK","success":true,"timestamp":"Wed, 08 Jan 2025 19:18:31 GMT","token":"eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6Ik1scERsUDVLblJyU3hGNHAiLCJ0YWciOiJkcTVuMUlhX1JjY2hMNHY1OVQwMGVRIiwiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.Z4Ed74sxPrjG77k3a1TA5z7aZG
2025-01-08 19:18:31 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.17 | 49740 | 5.161.105.73 | 443 | 3748 | C:\Users\user\AppData\Local\ZipThis\Updater.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-08 19:18:32 UTC | 918 | OUT | GET /update/download HTTP/1.1
                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
                                                                                                                                                                                  Authorization: jwe eyJhbGciOiJBMjU2R0NNS1ciLCJpdiI6Ik1scERsUDVLblJyU3hGNHAiLCJ0YWciOiJkcTVuMUlhX1JjY2hMNHY1OVQwMGVRIiwiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.Z4Ed74sxPrjG77k3a1TA5z7aZGd8rWAJXEOpveBea8YFpotdn5mPiJYDychllGw4CgExIxqdTaMsCMgOYn9Blg.Bpg30ehPEMRc5q-KiKwxGQ.yY28ELzL6b2iRUegg189GzOo1VcaY4aXzL1oF77CCBPZSXmT5qQcuBOVktiZ1oeVTvCVcFUU3KaJH_zs1GbHLusi_5_UcDSJPRVPSfcR-ng5Gz1C7MoqfGmHI7-ElV0y3N9WmhUvDVCeWqUedlMsl2MRv65JX5RDCPET9IwBXBMFNP175aU286uJC9VpMVRCy8RL_MZ6RSXCBwVFcN6yb8_J7CvjSTZr16SLxVKwwe6ZO7BVi5syOc_8-SopIwOeOhx2hE6NjlVGsP21EGANpOeCeJmQoU4TpjnTEManxnpODkOBME8pMy2iMzWwEs8f.-rvLNPXRiYhOrWU_MZSQrioMlO66o8kwTqyOmkV_mVs
                                                                                                                                                                                  Additional-Args: {"userID": "6452faac-14b2-4f85-a1a3-5968697ad833", "instDate": "2025-01-08 19:17:15"}
                                                                                                                                                                                  Host: tzpdld.com
2025-01-08 19:18:32 UTC | 331 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                  Content-Length: 95
                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                  Date: Wed, 08 Jan 2025 19:18:32 GMT
                                                                                                                                                                                  Server: Nginx
                                                                                                                                                                                  X-Amz-Apigw-Id: EFVdaGJ1IAMEKCg=
                                                                                                                                                                                  X-Amzn-Requestid: 97725740-87e0-473e-9f78-977ab1b662e1
                                                                                                                                                                                  X-Amzn-Trace-Id: Root=1-677ecf88-4adb20bc48297f2c61442a11;Sampled=1;Lineage=1:41f2c0ed:0
                                                                                                                                                                                  Connection: close
2025-01-08 19:18:32 UTC | 95 | IN | Data Ascii: {"code":400,"message":"NO UPDATES","success":false,"timestamp":"Wed, 08 Jan 2025 19:18:32 GMT"}



Target ID: 1
Start time: 14:16:58
Start date: 08/01/2025
Path: C:\Users\user\Desktop\ZipThis.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\ZipThis.exe"
Imagebase: 0x22f7b340000
File size: 2'820'904 bytes
MD5 hash: 22A6CB7348B496600E7151A8112CBAC9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                  Start time:14:17:04
                                                                                                                                                                                  Start date:08/01/2025
                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"powershell.exe" -ep RemoteSigned -File "C:\Users\user\AppData\Local\ZipThis\update_task_ad.ps1"
                                                                                                                                                                                  Imagebase:0x7ff711290000
                                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                  Start time:14:17:04
                                                                                                                                                                                  Start date:08/01/2025
                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                  Imagebase:0x7ff772470000
                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                  Start time:14:17:05
                                                                                                                                                                                  Start date:08/01/2025
                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                  Imagebase:0x7ff7ca9b0000
                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                  Start time:14:17:19
                                                                                                                                                                                  Start date:08/01/2025
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.zipthisapp.com/success?u=6452faac-14b2-4f85-a1a3-5968697ad833
                                                                                                                                                                                  Imagebase:0x7ff7d6f10000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                  Start time:14:17:21
                                                                                                                                                                                  Start date:08/01/2025
                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1992,i,15463440433173817224,3086299219128565272,262144 /prefetch:8
                                                                                                                                                                                  Imagebase:0x7ff7d6f10000
                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                  MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                  Start time:14:17:22
                                                                                                                                                                                  Start date:08/01/2025
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe"
                                                                                                                                                                                  Imagebase:0x1e8ab2a0000
                                                                                                                                                                                  File size:512'296 bytes
                                                                                                                                                                                  MD5 hash:9AF46426A5C164310DDD6FB6E77D78C2
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                  • Detection: 4%, ReversingLabs
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                  Start time:14:17:32
                                                                                                                                                                                  Start date:08/01/2025
                                                                                                                                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                  Imagebase:0x7ff616d00000
                                                                                                                                                                                  File size:71'680 bytes
                                                                                                                                                                                  MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                  Start time:14:17:49
                                                                                                                                                                                  Start date:08/01/2025
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\ZipThis\Updater.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\ZipThis\Updater.exe"
                                                                                                                                                                                  Imagebase:0x1f6d0be0000
                                                                                                                                                                                  File size:20'776 bytes
                                                                                                                                                                                  MD5 hash:8F3972F98564FC9D1E3E5A3840A0DA85
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                  • Detection: 11%, ReversingLabs
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                  Start time:14:18:15
                                                                                                                                                                                  Start date:08/01/2025
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\ZipThis\ZipThisApp.exe"
                                                                                                                                                                                  Imagebase:0x28b16670000
                                                                                                                                                                                  File size:512'296 bytes
                                                                                                                                                                                  MD5 hash:9AF46426A5C164310DDD6FB6E77D78C2
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:29
                                                                                                                                                                                  Start time:14:18:30
                                                                                                                                                                                  Start date:08/01/2025
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\ZipThis\Updater.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\ZipThis\Updater.exe"
                                                                                                                                                                                  Imagebase:0x1f880a30000
                                                                                                                                                                                  File size:20'776 bytes
                                                                                                                                                                                  MD5 hash:8F3972F98564FC9D1E3E5A3840A0DA85
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true


                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                    Execution Coverage:13.7%
                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                    Total number of Nodes:3
                                                                                                                                                                                    Total number of Limit Nodes:0
                                                                                                                                                                                    execution_graph 8840 7ff9cd2843fc 8842 7ff9cd284405 LoadLibraryExW 8840->8842 8843 7ff9cd2844ad 8842->8843

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: s'
                                                                                                                                                                                    • API String ID: 0-1160317890
                                                                                                                                                                                    • Opcode ID: 310fd562f3b2a1f3c91c16d10141cc6eebb647633a94d8d574163c1b9007daeb
                                                                                                                                                                                    • Instruction ID: a83a55bbfe1120a5b157c2dd8c12394d2a4b6710c36a2e3c0a9caf6dcc8ee420
                                                                                                                                                                                    • Opcode Fuzzy Hash: 310fd562f3b2a1f3c91c16d10141cc6eebb647633a94d8d574163c1b9007daeb
                                                                                                                                                                                    • Instruction Fuzzy Hash: E0F12521F0CA5B4BE75ADB298441379B7D1EF85320F54217FE49EC31D2EE69B8428B81

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: fd81ca9b1ce0af0ebea402318a903f996849b9dc322a9a2cc13f1f25a9de5171
                                                                                                                                                                                    • Instruction ID: fec954b1143fd350759b9a899942e6acfe55fac3f88e4d93cd74d65e817b88b6
                                                                                                                                                                                    • Opcode Fuzzy Hash: fd81ca9b1ce0af0ebea402318a903f996849b9dc322a9a2cc13f1f25a9de5171
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B022631B1CA4A4FEB58DF2C98557BA7BD1EF49320F4441BAD44DD7292ED65B802CB40

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: b52e2c7b84e9515bca7349ca3652c49828045560b78b4cfe8926afbc8c6b90b8
                                                                                                                                                                                    • Instruction ID: dc1a21e65e9cff47414d1b92023ae44bbf108fadfd61463013fb769c74ffd708
                                                                                                                                                                                    • Opcode Fuzzy Hash: b52e2c7b84e9515bca7349ca3652c49828045560b78b4cfe8926afbc8c6b90b8
                                                                                                                                                                                    • Instruction Fuzzy Hash: D4F15A21B1CA4A0FE758EF2C58552FA7BD2EF89360B4451BFE44DD7292ED25B802C780
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 484976f67e5342372f187a395fae4c6578d858d573dd25277d3958be2998bf27
                                                                                                                                                                                    • Instruction ID: 04648c29e8c9435ecb7c38730299f50c3add50ea7cb74ddeeffb9f12a2909480
                                                                                                                                                                                    • Opcode Fuzzy Hash: 484976f67e5342372f187a395fae4c6578d858d573dd25277d3958be2998bf27
                                                                                                                                                                                    • Instruction Fuzzy Hash: 92C12221F0CA5B4FE75A9A29844537A77C1EF86361F14217FE49EC31D2EE69B8038781

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 133 7ff9cd2843fc-7ff9cd284403 134 7ff9cd28440e-7ff9cd28446f 133->134 135 7ff9cd284405-7ff9cd28440d 133->135 138 7ff9cd284479-7ff9cd2844ab LoadLibraryExW 134->138 139 7ff9cd284471-7ff9cd284476 134->139 135->134 140 7ff9cd2844ad 138->140 141 7ff9cd2844b3-7ff9cd2844da 138->141 139->138 140->141
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                    • Opcode ID: 16c9ab9f444e4d48b958f42562ef82e34fbdc00b72b3145c3df6a56760ffcf3f
                                                                                                                                                                                    • Instruction ID: a457cb0b0f2973205fea605e350739aab8345eebb7f64498959c3a49c8aa4f86
                                                                                                                                                                                    • Opcode Fuzzy Hash: 16c9ab9f444e4d48b958f42562ef82e34fbdc00b72b3145c3df6a56760ffcf3f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1731E13190CA4D8FDB59DB688845BE9BBF1FF56320F04826FD049D3152DB74A8168B91

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 143 7ff9cd283f02-7ff9cd28446f 146 7ff9cd284479-7ff9cd2844ab LoadLibraryExW 143->146 147 7ff9cd284471-7ff9cd284476 143->147 148 7ff9cd2844ad 146->148 149 7ff9cd2844b3-7ff9cd2844da 146->149 147->146 148->149
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                    • Opcode ID: 82aefd9d9198d2dec7b9614d223b3bdaa196ace09eeeef72e0cf9eceec9d1463
                                                                                                                                                                                    • Instruction ID: ff2d443d8a2f6d88408eebb6d3592723d9534c0b31cff730b1ae93771a1abb91
                                                                                                                                                                                    • Opcode Fuzzy Hash: 82aefd9d9198d2dec7b9614d223b3bdaa196ace09eeeef72e0cf9eceec9d1463
                                                                                                                                                                                    • Instruction Fuzzy Hash: 36218071908A1D9FDB58DF588849BF9BBF1FB69321F00822FD00ED3651DB70A4168B81

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1442901324.00007FF9CD15D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD15D000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd15d000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: `{k+
                                                                                                                                                                                    • API String ID: 0-1752425602
                                                                                                                                                                                    • Opcode ID: 0998724a156d57f401ccb57fc7c264403531c9f131ed7206717f514a9a8b9c27
                                                                                                                                                                                    • Instruction ID: 0d50d582687ba7fba501b0582044483f4e86d519598f552aed07bb80828f1368
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0998724a156d57f401ccb57fc7c264403531c9f131ed7206717f514a9a8b9c27
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4251E87190CBC68FE769DF2888459623FF0EF56710B1405EFE088CB1A6E669F845CB52
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1442901324.00007FF9CD15D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD15D000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd15d000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: a758c6915cd6ebc279d442e43f2bd9b0e8084ad032ccbe3ff7e295dd42fd5654
                                                                                                                                                                                    • Instruction ID: b85859409f60c02c46ae3506aa0536f320a20af6f8b5e4e9f4fe54a9b933a444
                                                                                                                                                                                    • Opcode Fuzzy Hash: a758c6915cd6ebc279d442e43f2bd9b0e8084ad032ccbe3ff7e295dd42fd5654
                                                                                                                                                                                    • Instruction Fuzzy Hash: D631E66090DBC68FE76ACF288855A223FB1EF56710B1901EFD088CB197E55DF805CB51
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: M_I$M_I$M_I
                                                                                                                                                                                    • API String ID: 0-2485614668
                                                                                                                                                                                    • Opcode ID: fc5bc4a1772fcbf3207d16c1c3a9ebf8efd770c3b9dbeed4b52fefac2dbc2fdc
                                                                                                                                                                                    • Instruction ID: 59be58d4073e4dd0b9d154ec9f869745bad30308948bd09d95a35357a5f6a26f
                                                                                                                                                                                    • Opcode Fuzzy Hash: fc5bc4a1772fcbf3207d16c1c3a9ebf8efd770c3b9dbeed4b52fefac2dbc2fdc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 11F1B953F0E6C31FE262DB286C756B96F50AF5325570A51FBC4E8CA0D7BC0978098A92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 018507805471ca35943e6217a28e0295d93d2a9e1ef7b4842fc3645f759e2090
                                                                                                                                                                                    • Instruction ID: 4b7cedb40327680124fb1b6dc3817720578247c7fe99d155cb3ce96c8b369181
                                                                                                                                                                                    • Opcode Fuzzy Hash: 018507805471ca35943e6217a28e0295d93d2a9e1ef7b4842fc3645f759e2090
                                                                                                                                                                                    • Instruction Fuzzy Hash: 784291B3E0D7D38BE326DA5CD8B61E17F60EF9236570A11B7C0A4CA083BD5534568B91
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7151e0e79b93411fa2356b95b3a39e3a13dd2c191d60af42d6f021303055c2ff
                                                                                                                                                                                    • Instruction ID: fbcd861e9fe6c2febdfbbea811b87973d1ed2b83c19d8f95655929646ae2c9ea
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7151e0e79b93411fa2356b95b3a39e3a13dd2c191d60af42d6f021303055c2ff
                                                                                                                                                                                    • Instruction Fuzzy Hash: D7F18712D0D6C10FE376DB7D5DB62A17F90AF2A211B0A11FBC4D8DA1D3E84D68858793
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 5f6ea43f89333e514af3597b9c73f9280ed646154259a7d546947ab7e5b86bb4
                                                                                                                                                                                    • Instruction ID: 43bb9b6bf06a08b58e4a6c86bdbd08a43427876b64fbecfb53f559565a1b021d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f6ea43f89333e514af3597b9c73f9280ed646154259a7d546947ab7e5b86bb4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 07915B4061E9D69FD353E3B858AA9EA7FE1CF4B20178C48E9C0C98F4A3D84E6457D741
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 91a5ff6e2de43c498c013a41ccf198439ff8a83b5bb50abca8833a247b56d660
                                                                                                                                                                                    • Instruction ID: ee424015f8e8b8372b6768914e8922a70baff55554937ebd3daa78a93566016f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 91a5ff6e2de43c498c013a41ccf198439ff8a83b5bb50abca8833a247b56d660
                                                                                                                                                                                    • Instruction Fuzzy Hash: 686197A7B0D7D35BE226DB6C98BA2E23F50DF5376470A10B7D195CA053BD482806CAA1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000001.00000002.1444036476.00007FF9CD270000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD270000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ff9cd270000_ZipThis.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 3ad2c362dca9ac92094dd5f2631f989f38da698357ea783f5a94f4d69ec722b1
                                                                                                                                                                                    • Instruction ID: a3fb7a34dd9cd4286044b4b7dd75d6a7fb43e7a743a5e363f712dac0b5b7ceaf
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ad2c362dca9ac92094dd5f2631f989f38da698357ea783f5a94f4d69ec722b1
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B21D112A1D2A29FE312F73CACA20F97BA0EF5333570485F7D0988B092E918284BC751

                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                    Execution Coverage:2.1%
                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                    Total number of Nodes:16
                                                                                                                                                                                    Total number of Limit Nodes:2
                                                                                                                                                                                    execution_graph 44708 7ff9cd2850b8 44709 7ff9cd2850cf 44708->44709 44712 7ff9cd2844b0 44709->44712 44711 7ff9cd285133 44713 7ff9cd2844b5 44712->44713 44714 7ff9cd29cf93 GetSystemInfo 44713->44714 44716 7ff9cd29cf00 44713->44716 44715 7ff9cd29cfce 44714->44715 44715->44711 44716->44711 44717 7ff9cd2844b3 44718 7ff9cd2844bd 44717->44718 44719 7ff9cd29cf93 GetSystemInfo 44718->44719 44721 7ff9cd29cf00 44718->44721 44720 7ff9cd29cfce 44719->44720 44704 7ff9cd287f81 44705 7ff9cd287f8f GetFileAttributesW 44704->44705 44707 7ff9cd288036 44705->44707

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1279265600.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd280000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: d6980e5c06643809565f60c3b1704985be1ffedaf841fa4afea9199ec5346c9d
                                                                                                                                                                                    • Instruction ID: cb771238743ef7f5bb66bef49ef54bc82cd4292e1f204f2d1254fe39ab172c9d
                                                                                                                                                                                    • Opcode Fuzzy Hash: d6980e5c06643809565f60c3b1704985be1ffedaf841fa4afea9199ec5346c9d
                                                                                                                                                                                    • Instruction Fuzzy Hash: DA513A72A0CA4A4FE758DB6888197F87BE1FF65320F04427FD058D3482EBA57506CB81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1289590893.00007FF9CD890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD890000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd890000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: c3f5907175920a0ac31c07127af31e13c199f64376520c551d143169a602852b
                                                                                                                                                                                    • Instruction ID: 4237d081c25389836093cf921784577e80f23a12ff745c586ee2ae1204b888a1
                                                                                                                                                                                    • Opcode Fuzzy Hash: c3f5907175920a0ac31c07127af31e13c199f64376520c551d143169a602852b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4342E121A0CA8B4FF76DDB2884557B677D1EF55300F1425BAD09EC7293EA68B942CB80

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1284556718.00007FF9CD630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD630000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd630000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 9497e9db98b4ffe8bd5622365c234bacd39522f805f39eb4fa665d6430f222b7
                                                                                                                                                                                    • Instruction ID: 64282946608f4100f06384b563cb99bb6c7c67342aeb049ed0cd5045d6d38f97
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9497e9db98b4ffe8bd5622365c234bacd39522f805f39eb4fa665d6430f222b7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FF1CF31F0C94A8FEB95DF2885517BA77E2EF99300F14407AD49DD7296DE68B842CB40

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1284556718.00007FF9CD630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD630000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd630000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 821d85006fd5354a476d54f201c408700ad3d597653eef826b6e18752d99897c
                                                                                                                                                                                    • Instruction ID: 8009638be571748ca894ba0fc05080dc356c5ebbfba7ffa1f884a5855276e4d1
                                                                                                                                                                                    • Opcode Fuzzy Hash: 821d85006fd5354a476d54f201c408700ad3d597653eef826b6e18752d99897c
                                                                                                                                                                                    • Instruction Fuzzy Hash: FBE1CD31F0894A8FEB99DF2885517B977E2FF99300F14407AD49ED7296DE64B842CB40

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1282674618.00007FF9CD4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD4F0000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd4f0000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: %_^]$%_^`$%_^c
                                                                                                                                                                                    • API String ID: 0-2648732646
                                                                                                                                                                                    • Opcode ID: bb9bd3b6bb3644ffce919da0cdf4924a2134b553d645da859dc8b6b107ea2168
                                                                                                                                                                                    • Instruction ID: 495087a92e10200d4ed5cd05e87861b5a114c0cae775ee38c13c127e5e843105
                                                                                                                                                                                    • Opcode Fuzzy Hash: bb9bd3b6bb3644ffce919da0cdf4924a2134b553d645da859dc8b6b107ea2168
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C212593F0C98A1FF254EB3C28922F9ABC1DFD92A174450BBD15DDA1E3FC086C424661

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 250 7ff9cd287f81-7ff9cd287f8d 251 7ff9cd287f8f 250->251 252 7ff9cd287f91-7ff9cd287fca 250->252 251->252 253 7ff9cd287fd1-7ff9cd287ff8 251->253 252->253 255 7ff9cd287ffa-7ff9cd287fff 253->255 256 7ff9cd288002-7ff9cd288034 GetFileAttributesW 253->256 255->256 257 7ff9cd28803c-7ff9cd288061 256->257 258 7ff9cd288036 256->258 258->257
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1279265600.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd280000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                    • Opcode ID: a3057b28ae6dae3856f254f7f9dfaa9cae8fcd7ea61940169e89288f682707de
                                                                                                                                                                                    • Instruction ID: e6d563bd27cc41aad3f3d45080dd057e424aefb29a02b7b1d81915603ea54b7b
                                                                                                                                                                                    • Opcode Fuzzy Hash: a3057b28ae6dae3856f254f7f9dfaa9cae8fcd7ea61940169e89288f682707de
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5431A33190CA4D8FDB59DF68D8457E9BBF0EF66311F04826FD049D3252DB646416CB81

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1291874838.00007FF9CD9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD9F0000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd9f0000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 098c479aba41f98731aad60586fce392101468956594036b035933a87874f470
                                                                                                                                                                                    • Instruction ID: 8ec376906db8e495c67770f9d236602854e3356b613e2ae863fce19d4bfd0566
                                                                                                                                                                                    • Opcode Fuzzy Hash: 098c479aba41f98731aad60586fce392101468956594036b035933a87874f470
                                                                                                                                                                                    • Instruction Fuzzy Hash: 56D11621B1CA8A0BE798DF2854522B977D1EF89310B4451BFD49FC32D3ED69B8428B85

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1291874838.00007FF9CD9F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD9F0000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd9f0000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 93e9ca052ef05438865f6076cc177e1178913936588b6b18aaffd7fe23f20009
                                                                                                                                                                                    • Instruction ID: 39c2b632d7599a1efff3db36a9d303dc9be1a4b42ca469e36fd82ac1b6b69870
                                                                                                                                                                                    • Opcode Fuzzy Hash: 93e9ca052ef05438865f6076cc177e1178913936588b6b18aaffd7fe23f20009
                                                                                                                                                                                    • Instruction Fuzzy Hash: 83F10160A0DA8A4FD749EB789912ADAFFF0FF52340F1446FAD04DDB093DA686945CB01
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1283349004.00007FF9CD580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD580000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd580000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7596a529960ee7dda782c13634322d76a9e1ffb6d5e33a4ea85a58c491c45169
                                                                                                                                                                                    • Instruction ID: 16efcc9f121ca988c6c4c42158051401fd8406fc705e9e2ce72c6ee7a6f15cef
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7596a529960ee7dda782c13634322d76a9e1ffb6d5e33a4ea85a58c491c45169
                                                                                                                                                                                    • Instruction Fuzzy Hash: D1B13732B0DA8A5FEB94EF2C4C566B63BE1EF96220B0410BFD85EC7093E955BD018751
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1282674618.00007FF9CD4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD4F0000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd4f0000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000003.00000002.1282674618.00007FF9CD4F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD4F0000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_7ff9cd4f0000_powershell.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: %_^G$%_^J$%_^]$%_^`$%_^c
                                                                                                                                                                                    • API String ID: 0-1137935488
                                                                                                                                                                                    • Opcode ID: 6076f0dd112998a47ff35f77b7674161a4b3d6dfa37d60fd2df8351e53e74b89
                                                                                                                                                                                    • Instruction ID: b0e5348deb3fc6e75454c16256f8e200ea613e9c9c1718adfa61bad75607e34e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6076f0dd112998a47ff35f77b7674161a4b3d6dfa37d60fd2df8351e53e74b89
                                                                                                                                                                                    • Instruction Fuzzy Hash: 20118CE7B0D2423BE200FB696C029E7BBE0AF423B57949477D06CEE583F8246443D290

                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                    Execution Coverage:11.8%
                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                    Total number of Nodes:3
                                                                                                                                                                                    Total number of Limit Nodes:0
                                                                                                                                                                                    execution_graph 6548 7ff9cd268b94 6549 7ff9cd268b9d LoadLibraryExW 6548->6549 6551 7ff9cd268c4d 6549->6551

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 249 7ff9cd268b94-7ff9cd268b9b 250 7ff9cd268b9d-7ff9cd268ba5 249->250 251 7ff9cd268ba6-7ff9cd268c0f 249->251 250->251 254 7ff9cd268c19-7ff9cd268c4b LoadLibraryExW 251->254 255 7ff9cd268c11-7ff9cd268c16 251->255 256 7ff9cd268c4d 254->256 257 7ff9cd268c53-7ff9cd268c7a 254->257 255->254 256->257
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000E.00000002.2024508752.00007FF9CD260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD260000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff9cd260000_ZipThisApp.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                    • Opcode ID: 8a0a8a46106e46fd09ae41c10f6e2a5a06e85f689ac3ca0a04b5e40d4183d6aa
                                                                                                                                                                                    • Instruction ID: 9a1247d75e28b660c9149dbee3ebd8b5cecbb8ea3f31bc541d946650d342c9cd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a0a8a46106e46fd09ae41c10f6e2a5a06e85f689ac3ca0a04b5e40d4183d6aa
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B31C17190CB4D8FDB59DF6C9849BE9BBF0FB66320F04822BD049D3291DB74A4168B91

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 449 7ff9cd14e24a-7ff9cd14e280 451 7ff9cd14e282-7ff9cd14e290 449->451 452 7ff9cd14e293-7ff9cd14e2a1 449->452 451->452 455 7ff9cd14e2cf 452->455 456 7ff9cd14e2a3-7ff9cd14e2a6 452->456 458 7ff9cd14e2a9-7ff9cd14e2ab 455->458 459 7ff9cd14e2d1 455->459 456->458 458->455 460 7ff9cd14e2e7-7ff9cd14e309 459->460 461 7ff9cd14e2d3-7ff9cd14e2e5 459->461 465 7ff9cd14e31a-7ff9cd14e31c 460->465 466 7ff9cd14e30b-7ff9cd14e315 460->466 461->460 468 7ff9cd14e31d-7ff9cd14e38b 465->468 466->468 469 7ff9cd14e317 466->469 472 7ff9cd14e38d-7ff9cd14e394 468->472 469->465 473 7ff9cd14e3bb-7ff9cd14e3d0 472->473 474 7ff9cd14e396-7ff9cd14e3af 472->474 475 7ff9cd14e3b3-7ff9cd14e3b9 474->475 475->472
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000E.00000002.2023644044.00007FF9CD14D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD14D000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff9cd14d000_ZipThisApp.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: `{k+
                                                                                                                                                                                    • API String ID: 0-1752425602
                                                                                                                                                                                    • Opcode ID: a5beef7536079cbc21ca8bd483845f57f84102f07adbe6de0291260539685413
                                                                                                                                                                                    • Instruction ID: 68d791cb54eada5a8c9554cd1b571a34b1daf8c4a680ac8e0d4fa017b7345764
                                                                                                                                                                                    • Opcode Fuzzy Hash: a5beef7536079cbc21ca8bd483845f57f84102f07adbe6de0291260539685413
                                                                                                                                                                                    • Instruction Fuzzy Hash: FB51E57050DB868FE76ADF2888559623FE0EF57710B1445EFE088CB1A2E665F805CB52
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000E.00000002.2023644044.00007FF9CD14D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD14D000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_7ff9cd14d000_ZipThisApp.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 6590269d0d028402db746811a290157f5154961a7ed6916efc09bb5ec8eefa03
                                                                                                                                                                                    • Instruction ID: 3d6845a7f77f2814fa3fb349dd1d790394ab2d96e85d8cdf08be27d46df4fd87
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6590269d0d028402db746811a290157f5154961a7ed6916efc09bb5ec8eefa03
                                                                                                                                                                                    • Instruction Fuzzy Hash: B531E66090DBC69FE76ACF288855A223FB0EF57710B1541EFD088CB193E569F806CB61

                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                    Execution Coverage:4%
                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:2.2%
                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                    Total number of Nodes:91
                                                                                                                                                                                    Total number of Limit Nodes:2
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7d72552ba817fea741ffb6015b410e998a5f843e9f69ff4504c637bab7a7c3e5
                                                                                                                                                                                    • Instruction ID: 96229947a87098738695d4ecfa095abe94d2fe48014fc7777ea83a30875f72a4
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d72552ba817fea741ffb6015b410e998a5f843e9f69ff4504c637bab7a7c3e5
                                                                                                                                                                                    • Instruction Fuzzy Hash: E5812A62F1CE9F1BE359DE1C8C822B57BD1EF55300B58517EE46AC31C6FD68B9028A80

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionThrowsetvbufstd::ios_base::failure::failure
                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                    • API String ID: 2924853686-1866435925
                                                                                                                                                                                    • Opcode ID: 47805a345854c529338c07a9419415b658b8feda0283bc78d48a2660156df3fe
                                                                                                                                                                                    • Instruction ID: accb47bde524f487ed0f42df08fa9e94321fc67d7507f36e1a9a67980334e1d7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 47805a345854c529338c07a9419415b658b8feda0283bc78d48a2660156df3fe
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2941CF73B14B4686EB54CF64E8803A833A0FB1AB98F409139CA8C57695DF3CE5D4C340

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8C1820: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FFA2E8B4DCE,?,?,00000000,00007FFA2E8B5C6B), ref: 00007FFA2E8C182F
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8B5C6B), ref: 00007FFA2E8B4DD7
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8B5C6B), ref: 00007FFA2E8B4DEB
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8B5C6B), ref: 00007FFA2E8B4DFF
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8B5C6B), ref: 00007FFA2E8B4E13
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8B5C6B), ref: 00007FFA2E8B4E27
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8B5C6B), ref: 00007FFA2E8B4E3B
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free$setlocale
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 294139027-0
                                                                                                                                                                                    • Opcode ID: b8b63cebef85047749179442e3fa845e3ea1b3d86ead0dd43191662547eaa13f
                                                                                                                                                                                    • Instruction ID: f8b7916697e3b42aac02e298445f16d99f808094d4dfb8ffebb4a361bb5f34a4
                                                                                                                                                                                    • Opcode Fuzzy Hash: b8b63cebef85047749179442e3fa845e3ea1b3d86ead0dd43191662547eaa13f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1811FA36B16A0189EF699FA1D8E63396361EF55F08F18413DC90E69548CF6DE8D4C390

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: rand_s
                                                                                                                                                                                    • String ID: invalid random_device value
                                                                                                                                                                                    • API String ID: 863162693-3926945683
                                                                                                                                                                                    • Opcode ID: 01beef4781989b856bb6bfb388d7e35ba10fe6f0418fd590c60b2c945299e0ad
                                                                                                                                                                                    • Instruction ID: 90988c6e6d9f00f81a553b3f41982f9fb8adaedd2a9b7272d26fc193a24e4574
                                                                                                                                                                                    • Opcode Fuzzy Hash: 01beef4781989b856bb6bfb388d7e35ba10fe6f0418fd590c60b2c945299e0ad
                                                                                                                                                                                    • Instruction Fuzzy Hash: AB51D432F18A8685F2529B349CD11B9A354BF27384F18C77AF68E36591DF2DF4D28240

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E5E20: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,7FFFFFFFFFFFFFFF,00007FFA2E8B3956,?,?,?,7FFFFFFFFFFFFFFF), ref: 00007FFA2E8E5E2F
                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00007FFA2E8C489B
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Facet_Register_lock_localesstd::_
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3986400115-0
                                                                                                                                                                                    • Opcode ID: c02ee55047341c05b80ab444c29d56168f2a9c58e820bfdb470ccca98146f78c
                                                                                                                                                                                    • Instruction ID: 9d3011c0e6faa52dfba91962611da14ba86bc29544c0db634efd7f2750a20db0
                                                                                                                                                                                    • Opcode Fuzzy Hash: c02ee55047341c05b80ab444c29d56168f2a9c58e820bfdb470ccca98146f78c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4731A436B08A8254FB199B55DCC0179A361EF47BA0F08913AEA9D677A5DE7CF4C18300

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 123 7ffa2e8c1820-7ffa2e8c182b 124 7ffa2e8c1835-7ffa2e8c1839 123->124 125 7ffa2e8c182d-7ffa2e8c182f setlocale 123->125 125->124
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FFA2E8B4DCE,?,?,00000000,00007FFA2E8B5C6B), ref: 00007FFA2E8C182F
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: setlocale
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1598674530-0
                                                                                                                                                                                    • Opcode ID: a82dfa2e289256beb2ab5b91630a1cee5c9ba685a95787c69a096886c5a9cd14
                                                                                                                                                                                    • Instruction ID: e6a9b037db7586ce8c70eb69f1c8ffbcc2d6166e64d3a9769c1422432b1bce5e
                                                                                                                                                                                    • Opcode Fuzzy Hash: a82dfa2e289256beb2ab5b91630a1cee5c9ba685a95787c69a096886c5a9cd14
                                                                                                                                                                                    • Instruction Fuzzy Hash: 77C02BB6F09100C0DE1C17198CC50394232BF1ABC0FD4D43DC40D20180CD1ED0D28300

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 126 7ff9cd2814f8-7ff9cd281611 139 7ff9cd281613-7ff9cd281616 126->139 140 7ff9cd281641-7ff9cd281646 126->140 141 7ff9cd281618 139->141 142 7ff9cd281633-7ff9cd281636 139->142 143 7ff9cd28165d-7ff9cd28165e 140->143 144 7ff9cd281648-7ff9cd28164e 140->144 145 7ff9cd2845c0-7ff9cd2845e7 141->145 142->140 146 7ff9cd28164f-7ff9cd281654 142->146 147 7ff9cd281664-7ff9cd281669 143->147 144->147 152 7ff9cd28164e 144->152 153 7ff9cd2845e9-7ff9cd28460d call 7ff9cd2814f8 145->153 154 7ff9cd284614-7ff9cd28461a 145->154 146->145 150 7ff9cd28166b-7ff9cd28166e 147->150 152->147 155 7ff9cd281650-7ff9cd281656 152->155 153->154 161 7ff9cd28460f call 7ff9cd281610 153->161 155->150 162 7ff9cd281658 155->162 161->154 162->143
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .M_^
                                                                                                                                                                                    • API String ID: 0-2820351210
                                                                                                                                                                                    • Opcode ID: a3d9e54e8b78e6c42e9e4ace0c5ce66f9ca023491e413c13b9539c6a5ae3f6cd
                                                                                                                                                                                    • Instruction ID: a7673115a94314eb7a744210cebaf889352ce12178fe86b2a3037de6dad56646
                                                                                                                                                                                    • Opcode Fuzzy Hash: a3d9e54e8b78e6c42e9e4ace0c5ce66f9ca023491e413c13b9539c6a5ae3f6cd
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4331E817B49A2F07D610BB7D7C452F8B750EFD2372B0493B7E568D9082EC4925868792

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 164 7ff9cd281510-7ff9cd281611 181 7ff9cd281613-7ff9cd281616 164->181 182 7ff9cd281641-7ff9cd281646 164->182 183 7ff9cd281618 181->183 184 7ff9cd281633-7ff9cd281636 181->184 185 7ff9cd28165d-7ff9cd28165e 182->185 186 7ff9cd281648-7ff9cd28164e 182->186 187 7ff9cd2845c0-7ff9cd2845e7 183->187 184->182 188 7ff9cd28164f-7ff9cd281654 184->188 189 7ff9cd281664-7ff9cd281669 185->189 186->189 194 7ff9cd28164e 186->194 195 7ff9cd2845e9-7ff9cd2845f0 187->195 196 7ff9cd284614-7ff9cd28461a 187->196 188->187 192 7ff9cd28166b-7ff9cd28166e 189->192 194->189 197 7ff9cd281650-7ff9cd281656 194->197 198 7ff9cd2845f2-7ff9cd28460d call 7ff9cd2814f8 195->198 197->192 204 7ff9cd281658 197->204 198->196 203 7ff9cd28460f call 7ff9cd281610 198->203 203->196 204->185
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .M_^
                                                                                                                                                                                    • API String ID: 0-2820351210
                                                                                                                                                                                    • Opcode ID: 4c82050faf253f6c81dd42b550188effbdd0df1230e06a9c41f640554b000384
                                                                                                                                                                                    • Instruction ID: fed25c685060ec9f85fae75f13a30ff4a5d4d3377aaff7bd3c281058dd4ed558
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c82050faf253f6c81dd42b550188effbdd0df1230e06a9c41f640554b000384
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4631F313B49A2F17D711BB7C7C052F8B790EF92372B0493B7E568D9082AC0925868792

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 206 7ff9cd2815a3-7ff9cd2815a9 207 7ff9cd2815ab-7ff9cd2815d7 206->207 208 7ff9cd2815d9-7ff9cd281611 206->208 207->208 215 7ff9cd281613-7ff9cd281616 208->215 216 7ff9cd281641-7ff9cd281646 208->216 217 7ff9cd281618 215->217 218 7ff9cd281633-7ff9cd281636 215->218 219 7ff9cd28165d-7ff9cd28165e 216->219 220 7ff9cd281648-7ff9cd28164e 216->220 221 7ff9cd2845c0-7ff9cd2845e7 217->221 218->216 222 7ff9cd28164f-7ff9cd281654 218->222 223 7ff9cd281664-7ff9cd281669 219->223 220->223 228 7ff9cd28164e 220->228 229 7ff9cd2845e9-7ff9cd2845f0 221->229 230 7ff9cd284614-7ff9cd28461a 221->230 222->221 226 7ff9cd28166b-7ff9cd28166e 223->226 228->223 231 7ff9cd281650-7ff9cd281656 228->231 232 7ff9cd2845f2-7ff9cd28460d call 7ff9cd2814f8 229->232 231->226 238 7ff9cd281658 231->238 232->230 237 7ff9cd28460f call 7ff9cd281610 232->237 237->230 238->219
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .M_^
                                                                                                                                                                                    • API String ID: 0-2820351210
                                                                                                                                                                                    • Opcode ID: 6478a81e41526d77869288f07e9b4ff3e377c910a170dbb2ce7733f7899dc824
                                                                                                                                                                                    • Instruction ID: d3f5057f4f925eecf84f683fe83d0436a4c467264151b3fe81c0e14e7a9763c8
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6478a81e41526d77869288f07e9b4ff3e377c910a170dbb2ce7733f7899dc824
                                                                                                                                                                                    • Instruction Fuzzy Hash: F921D617F5962B07E611AB6D7C053F8BB40DF92772B0853B7E5A8D9082FC4826464791

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 240 7ff9cd2815c8-7ff9cd281611 247 7ff9cd281613-7ff9cd281616 240->247 248 7ff9cd281641-7ff9cd281646 240->248 249 7ff9cd281618 247->249 250 7ff9cd281633-7ff9cd281636 247->250 251 7ff9cd28165d-7ff9cd28165e 248->251 252 7ff9cd281648-7ff9cd28164e 248->252 253 7ff9cd2845c0-7ff9cd2845e7 249->253 250->248 254 7ff9cd28164f-7ff9cd281654 250->254 255 7ff9cd281664-7ff9cd281669 251->255 252->255 260 7ff9cd28164e 252->260 261 7ff9cd2845e9-7ff9cd28460d call 7ff9cd2814f8 253->261 262 7ff9cd284614-7ff9cd28461a 253->262 254->253 258 7ff9cd28166b-7ff9cd28166e 255->258 260->255 263 7ff9cd281650-7ff9cd281656 260->263 261->262 269 7ff9cd28460f call 7ff9cd281610 261->269 263->258 270 7ff9cd281658 263->270 269->262 270->251
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .M_^
                                                                                                                                                                                    • API String ID: 0-2820351210
                                                                                                                                                                                    • Opcode ID: 576d871b11e92f8d623c4651a957ef35d5cf6f1475e0bc6f49e87a7f9b67f4a8
                                                                                                                                                                                    • Instruction ID: 8ae3f287638ada3459a66074ab5bf1040f42c70d804cde85ee137b1d73752d6c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 576d871b11e92f8d623c4651a957ef35d5cf6f1475e0bc6f49e87a7f9b67f4a8
                                                                                                                                                                                    • Instruction Fuzzy Hash: D111D313F59A6B0BE655AB6C2C013F47780EF55772B0852B7E568D9082FC482A868791

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 272 7ff9cd281338-7ff9cd281346
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .M_^
                                                                                                                                                                                    • API String ID: 0-2820351210
                                                                                                                                                                                    • Opcode ID: 95aa6e89f16cb9c10492008f6cb3f4d5d7c16ea4c064dd082f3ec66e7f10ae7f
                                                                                                                                                                                    • Instruction ID: eac395bb6415e63007b4d0964a52ba517350609233c6864d1f3d2fee198cf24a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 95aa6e89f16cb9c10492008f6cb3f4d5d7c16ea4c064dd082f3ec66e7f10ae7f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 25B0924390EFC10FE3439B281C252102E613EA721070A80EBC088CB0EBA8086D048222

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd




                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e75a075dc9f86476342bc018ebadd73ea11aa1fa54f858c84f41acb1d355d6f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5381E362A0DBC64FE357DB785C153A57FA1AF12250F1901FFC498CB0E3EA5829468742
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 107ba588944030d78f45e813f86242584d759a330b762eec4aeb0873b490bc1a
                                                                                                                                                                                    • Instruction ID: f6dcb53264197819df8628b39b2d9b790aa5c79311a93f5f62b57c30dd166a6d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 107ba588944030d78f45e813f86242584d759a330b762eec4aeb0873b490bc1a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B61F332B0CA5A4FD748EF7CAC556F97BE0EF46325B0441BBE05DD7292EE2468498780
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: ee41acd513cf13adb5197d43a9cc2954a9cb3b7306f7e18f8a3cfc5bb6697f43
                                                                                                                                                                                    • Instruction ID: bfcce584d214f27659c52c9bdf5cdf9360434816eca1e21a610d28afb1ddcb52
                                                                                                                                                                                    • Opcode Fuzzy Hash: ee41acd513cf13adb5197d43a9cc2954a9cb3b7306f7e18f8a3cfc5bb6697f43
                                                                                                                                                                                    • Instruction Fuzzy Hash: 06716873E0C79A8BEB55DA688C44AB87FA0EF15310F04027BD469DB1C6FA58B906CB41
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: ef1c16838d7c1ee77b9064d2fac6b472c749f67d63d10427c8113dbbaa505b3f
                                                                                                                                                                                    • Instruction ID: eaca769984c9c9dea8d8fd4747fe4057016640cb5110fbd277648757570727fd
                                                                                                                                                                                    • Opcode Fuzzy Hash: ef1c16838d7c1ee77b9064d2fac6b472c749f67d63d10427c8113dbbaa505b3f
                                                                                                                                                                                    • Instruction Fuzzy Hash: A271B632A0CA5A4FDB59DA188C857A877E2EF54300F0442BBD41ED7182EE747A868F81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: ab7e0f86283b4f7221e96c58947c4a273dbfe1051b1ce4fc4f5575432e8b703d
                                                                                                                                                                                    • Instruction ID: 49f355541c0730db18e920125e328cbc4b8ed49f6aacfbb58c2e614fa97c3321
                                                                                                                                                                                    • Opcode Fuzzy Hash: ab7e0f86283b4f7221e96c58947c4a273dbfe1051b1ce4fc4f5575432e8b703d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A61AF31A0995E8BEB5ADA24CC557F8B7A0EF65300F1012FBD45ED3192EE786A858F40
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 1bac7d4f7f838510cd281f0b9f4c27d6c9a863dc281b33c161c65da44d736275
                                                                                                                                                                                    • Instruction ID: 1cac364dd9030ab57a2014b119f1315c712b3710579180d4a97ad09d7cfd3b4c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1bac7d4f7f838510cd281f0b9f4c27d6c9a863dc281b33c161c65da44d736275
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7961E032E0D68A8FE74ADF788C557A97BA0FF06300F4811ABD05CDB1D7EA6879458B11
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7d1a14b425773cf28cf173a54d7f43257dbb778a7f790397a27ca98c7d316f27
                                                                                                                                                                                    • Instruction ID: f246cddc103dbdd8ae0bbc7659b6440c34e9f2f966f914da5272707f86f32a6d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d1a14b425773cf28cf173a54d7f43257dbb778a7f790397a27ca98c7d316f27
                                                                                                                                                                                    • Instruction Fuzzy Hash: D5511672E0C64A8FEB99DE188C857F477E1EF55301F0441BBC41DD7196EAB86A898B80
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 9ac71a859ff1eb0b0c14199d2ade0b046cae9021b5037d345382ba3c695ab0a5
                                                                                                                                                                                    • Instruction ID: 116445ff184ec4318ca743e5d67e806d842bdcc2723e2ba271fcfd2ad007fe1c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ac71a859ff1eb0b0c14199d2ade0b046cae9021b5037d345382ba3c695ab0a5
                                                                                                                                                                                    • Instruction Fuzzy Hash: D951B13148E7C55FC3468BA48C65AD63FF4DF9B220B0942EBE089CB563C16D594BC762
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 8263a7ae84f1d14631ce709bae7afed35e88174ce5f1a71809af5400547a4d2a
                                                                                                                                                                                    • Instruction ID: f53763ad55aa6b8b49a5b3c76af6aba2eb4066c18d8482b2b1bce9dff7287dec
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8263a7ae84f1d14631ce709bae7afed35e88174ce5f1a71809af5400547a4d2a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E514D31A1894E8FDF84EF68C8597F977E1FF69351F00127AD429D32D1DA78A9808B80
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 61dca1b1dffd29633ecc835bf5279e8c391587770211200834c663ece8ec5c10
                                                                                                                                                                                    • Instruction ID: ec74c8e46da07165711365969e3a34c5ca2c8692343d5e2bb44a43c74113af0b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 61dca1b1dffd29633ecc835bf5279e8c391587770211200834c663ece8ec5c10
                                                                                                                                                                                    • Instruction Fuzzy Hash: 88412A71A0CB4E4FD749CFA898567B57FE0EF16314F04017FD05DC7192EA6868088B91
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: bb90ac2d0a671027a8a60f94fb714e5f4716d8f73a237ebb63ad7301c2e4c848
                                                                                                                                                                                    • Instruction ID: 5184b2b2cf0ad17c84cf2bb2c6edaccc29ce89fa2a20f10d29afbb2ee3eca82e
                                                                                                                                                                                    • Opcode Fuzzy Hash: bb90ac2d0a671027a8a60f94fb714e5f4716d8f73a237ebb63ad7301c2e4c848
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F414873E0C68B4BEB59EAA88C01AFD77A0EF41311F08027BD469D71C2F9A579058B81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: b693bba1861fce443677891d63c615e1a57009d250efc3a91c99ceee054b6523
                                                                                                                                                                                    • Instruction ID: 369ff4a6006a56715b6501ab4b3134548ce70ba7b776629d0156522fea3b16f9
                                                                                                                                                                                    • Opcode Fuzzy Hash: b693bba1861fce443677891d63c615e1a57009d250efc3a91c99ceee054b6523
                                                                                                                                                                                    • Instruction Fuzzy Hash: EF414677F0CB894FE714DFACAC866E97BA0FF56362B00413BC08897156E520690A8782
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: b4d8af10c5fac19229a3b595c8a283932b82062ce502773cdf740a4dc47d4bf0
                                                                                                                                                                                    • Instruction ID: 2814d422e090c3a4938f3786b4848e904fe0c7e202f54a59c16e2ff4f20d42d6
                                                                                                                                                                                    • Opcode Fuzzy Hash: b4d8af10c5fac19229a3b595c8a283932b82062ce502773cdf740a4dc47d4bf0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E411732B08A8A4FDB41EF28EC417E977A0FF56325F00447AD819C7196DA65E806CB80
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 8e3981dd4b90d19241241d2728c521f3a8854593a19875680497e3d60643a383
                                                                                                                                                                                    • Instruction ID: 856509177758256592a7862df40693bb61623f3e6e778138351f23753f2b4869
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e3981dd4b90d19241241d2728c521f3a8854593a19875680497e3d60643a383
                                                                                                                                                                                    • Instruction Fuzzy Hash: AE313971A1CB888FDB4CDB5C9C466F57BE0FB6A321F14426FD049D3252DA6468068B81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 9e62e66a0a07fae5d31c721f348adb1734e997ed33d0aff9e6cb9e74cd9af489
                                                                                                                                                                                    • Instruction ID: c4755a0eb424d91dc06d3fcddecbc17d361efb09207b320e6d41b724aa4cdbfd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e62e66a0a07fae5d31c721f348adb1734e997ed33d0aff9e6cb9e74cd9af489
                                                                                                                                                                                    • Instruction Fuzzy Hash: 34419032E0C68A8FDB49CF6898546ADFBB1FF59304F1840AEC05EE7293DA646905CB11
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: c86aea55e173f186bb506a745a8eb3e377613061102392bcd7a17fa148fb7603
                                                                                                                                                                                    • Instruction ID: 58c3bce57f55a481272e0679a7c4b1e3e583be291268945afb6d96c4bd9921b4
                                                                                                                                                                                    • Opcode Fuzzy Hash: c86aea55e173f186bb506a745a8eb3e377613061102392bcd7a17fa148fb7603
                                                                                                                                                                                    • Instruction Fuzzy Hash: DC312E27B0CB9A4FD755DF1DAC622EA7BA0FF51320B000177C569C7183ED68681D8B81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 0bcc71dc23677cfb2eecd401fa18e1e4413f923ab6f9a21c58b6494eae163c9f
                                                                                                                                                                                    • Instruction ID: c2f1cb170fa9d60f722ea00d31542c1b026573f0b3763a830d8c1541b11148cf
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0bcc71dc23677cfb2eecd401fa18e1e4413f923ab6f9a21c58b6494eae163c9f
                                                                                                                                                                                    • Instruction Fuzzy Hash: CA310871A0CB888FDB4DDB5C9C456F57BF0FBAA321F14026FD049D3252DB6468068B91
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7e1ce18f23835b4b1cd8776169defd09e781fcf79e79158ef06fa651430dd497
                                                                                                                                                                                    • Instruction ID: bb55405af5d5658e0c1e5327161b960367deacc7d155a0f8f5d3857950e6c8b0
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e1ce18f23835b4b1cd8776169defd09e781fcf79e79158ef06fa651430dd497
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E310C23B0CB9A4FD715DF1DAC612EA77A0FF51320B001177D569C7182E968681A8B81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 01097f8663d9b18f963fe2e40e1d9f0772bdd9688c95acb5dd9ed1b3505d38b0
                                                                                                                                                                                    • Instruction ID: a5353debd1b7df505d03e06c521ad7166994bdffe48bf6f5dff1fb0f364f2537
                                                                                                                                                                                    • Opcode Fuzzy Hash: 01097f8663d9b18f963fe2e40e1d9f0772bdd9688c95acb5dd9ed1b3505d38b0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A31E371A0C74C8FEB58EF6CD8467F9BBE0EBA5320F14416FD048C7156EA60A9058B81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 06c170c5d083f104fe4575cbf24e3f6b5e4f8e94b4af158d12bac1ac40274cf9
                                                                                                                                                                                    • Instruction ID: c8bfeb9936e039b56650fd59cfdf4d095c4ac9e9024db00626dd00f056885041
                                                                                                                                                                                    • Opcode Fuzzy Hash: 06c170c5d083f104fe4575cbf24e3f6b5e4f8e94b4af158d12bac1ac40274cf9
                                                                                                                                                                                    • Instruction Fuzzy Hash: C131D571A0CB488FEB19DF989C86AE9BBF0EF56320F04426FD049D3156D6747849CB92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: a84062b188a776feca2ad93bb2d615658536f32250f1d194dc3c3c47f14026e5
                                                                                                                                                                                    • Instruction ID: cbc423eb2501bc951b3182d248af17e66c9acb984845264eeac9c2d598f4aec5
                                                                                                                                                                                    • Opcode Fuzzy Hash: a84062b188a776feca2ad93bb2d615658536f32250f1d194dc3c3c47f14026e5
                                                                                                                                                                                    • Instruction Fuzzy Hash: C731D131609A8C5FEB55DF288858BB63BE1EF5A301F0401AEE80DD71A3DA65AC44C781
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7125492aa088ecfa90997b40e76faa72028dd01584498393d03568918be24fad
                                                                                                                                                                                    • Instruction ID: 54539e8010e355759c2c02cafb5ec6dc9e8f38fe45435175c09a811346e9580a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7125492aa088ecfa90997b40e76faa72028dd01584498393d03568918be24fad
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0831DF33E1D95A4FE716EA249C013F9B690EF56301F4421BBD06ED20D3FEA83B058A40
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 75124981e59516b77adf5af566705a269f0c86a23836be52513772e562c8974d
                                                                                                                                                                                    • Instruction ID: 695816bf5e99cb1f81880b503842b00a284f6eed89ac92c2c1dfdc9229250a7e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 75124981e59516b77adf5af566705a269f0c86a23836be52513772e562c8974d
                                                                                                                                                                                    • Instruction Fuzzy Hash: E721A471708A4D5FEB59DE288859B7537D1EB59311F0401BED80DD32A2DE75EC45C780
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 2f1368174b10c13ab382da43729123c528291c14bf57ed4da8b52a527dcb5d55
                                                                                                                                                                                    • Instruction ID: ec3c52ddb7d268ad579670b46ca9797a89947b8b822caad3d64e5602ec0dacae
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f1368174b10c13ab382da43729123c528291c14bf57ed4da8b52a527dcb5d55
                                                                                                                                                                                    • Instruction Fuzzy Hash: A601C403F5DA6707E6659A6C2C013F86B40EF91771F0852B7E56CD90C6FC4C3A864A92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 573d9e6f2cce86381478b4c3f57446dd372d4c9731e065515981e4d812b95796
                                                                                                                                                                                    • Instruction ID: cb8789249cdd5172834307943a4456e38f29a2189ac3d54a33025b1e83acb7d4
                                                                                                                                                                                    • Opcode Fuzzy Hash: 573d9e6f2cce86381478b4c3f57446dd372d4c9731e065515981e4d812b95796
                                                                                                                                                                                    • Instruction Fuzzy Hash: 26115162E0E6C70FE7539A744C592A57E909F13310F1910FBD499CB0E3F98D69498791
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: c3fb8f0671e68271814f28208e0d8b93dfd2339708b59dd81480a2790d4ba4b0
                                                                                                                                                                                    • Instruction ID: 5a0c9d330006014a6c9996bc4173cce191bf3bf0149c0950928cb29d5c46d94c
                                                                                                                                                                                    • Opcode Fuzzy Hash: c3fb8f0671e68271814f28208e0d8b93dfd2339708b59dd81480a2790d4ba4b0
                                                                                                                                                                                    • Instruction Fuzzy Hash: EB01E13794D25E9FE702EF78DC521E97B60EF11320F08517BE569920C2FA602656CB85
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 2a373831f8a927e3335353075cb09afde1c2a223c1c63e4d9049aa5f533e7c9c
                                                                                                                                                                                    • Instruction ID: 2c63fe74506eb94541bde58682be9dc5b5454409efd71fc2513c6ed0d796a984
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a373831f8a927e3335353075cb09afde1c2a223c1c63e4d9049aa5f533e7c9c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C014962A1DBC50FD7628B388C913587FA0AF66314F5E06F7C054C7092E68DB9448741
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: bb2a1583026ab698ca88e087268d88da153b17ff83f7089ab37487905fdb39c4
                                                                                                                                                                                    • Instruction ID: 003ddfe331dbd772a7924ad196ab7f8cf0ac12c7b4205e6bf8738b19bd362f6d
                                                                                                                                                                                    • Opcode Fuzzy Hash: bb2a1583026ab698ca88e087268d88da153b17ff83f7089ab37487905fdb39c4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D019213F5DA6707E6659B6C2C013F46B40EF61761F0862B7E56CD90C6FC8C3A864A92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 9a73de2df0461f9b887260f788ddfc117c43acd6e56e596b817565bc86906d01
                                                                                                                                                                                    • Instruction ID: 6445f09b775da124e2b6d157acef512448363e1e75e5cb22e043ea02f252c6e6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a73de2df0461f9b887260f788ddfc117c43acd6e56e596b817565bc86906d01
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0011E31394E7D30FE3978B7808113617FE19F53220B0D41FBD498CE097E48D594A8B52
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: c922b62fe8dbb8f6e18dc6412919b054ed4337429bcf85cb365493e8d0f26f10
                                                                                                                                                                                    • Instruction ID: 484f47e8000ab9c281f30cb3d454e1ee79138b353a10efcfa020879a686f49be
                                                                                                                                                                                    • Opcode Fuzzy Hash: c922b62fe8dbb8f6e18dc6412919b054ed4337429bcf85cb365493e8d0f26f10
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6901D431A08A4D8FDF44EF6898046EE77E5FB58301F00016FF42DD3281DB75AA148B42
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 194109f67bb9210099734f1c5a34a1da85c71bff182815bc0f1413dbeb5b7154
                                                                                                                                                                                    • Instruction ID: a095fa54315fcc6a78e0bc3c6ee9f4838c7b3c0842901839c05206206cb130a0
                                                                                                                                                                                    • Opcode Fuzzy Hash: 194109f67bb9210099734f1c5a34a1da85c71bff182815bc0f1413dbeb5b7154
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1801A572A0CA498FEB58DF989C85BE4B7E0FB54311F044167C41DD354AE768B5858B81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 6fad0a8877afea5a7f2c5bd2ded535f60e53c1ef38b5314aeec4066fb06b368e
                                                                                                                                                                                    • Instruction ID: c464a78310265fd10b77391c471a94237be15c5aec3605e7d0cd94b10cd3aa16
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6fad0a8877afea5a7f2c5bd2ded535f60e53c1ef38b5314aeec4066fb06b368e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E01B113F5DA6307F6659B6C2C013B46B40EF61761F0862B7E46CD90C6FC8C3A864B92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 5fa0e141131204570931736fb39cb23cf500b77fbfbb302344a4775184eefbb0
                                                                                                                                                                                    • Instruction ID: 7ca7845989c1ff966eaa53ee60d585818c5510c163a6e2c897d82dfd24863df1
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5fa0e141131204570931736fb39cb23cf500b77fbfbb302344a4775184eefbb0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 97016831A2C7150FD768FB3448061B9B7C0EF45305B0408BFE89ED62E2EE2AE5828642
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 70f78864af0d3b470d55941fe88d1afeaedcf173fe85744e1b3a7ce3c2ec4ddc
                                                                                                                                                                                    • Instruction ID: 3e9d5c0185efe2eea6f0a224497b070998a2f016755ef295650edd0fbddc7cc2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 70f78864af0d3b470d55941fe88d1afeaedcf173fe85744e1b3a7ce3c2ec4ddc
                                                                                                                                                                                    • Instruction Fuzzy Hash: EE012B22D4DE9B0FD759EB380C742B52BD0EF59314B0905BBC8E9D7093E84C99458751
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7e4e1b7a9ee36f944a2a37abb28265d5b1f26071b046c8cd6ad52e9405f6a760
                                                                                                                                                                                    • Instruction ID: 8088a258156c26ebed66864d062c9dd5a82938be4f0e278b3a33949d8b7f1228
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e4e1b7a9ee36f944a2a37abb28265d5b1f26071b046c8cd6ad52e9405f6a760
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6601F572A0968E4BEB94EE389C496F93BD1EF45324B0802BED419D7586E9A4B506C780
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 601e1a5f0e8ed4933ce1c6aab63aa6c765a5e62350b588b068b0eb8f1830e702
                                                                                                                                                                                    • Instruction ID: e0c18c3922131d2b279ef308732c741b5de1c88519cf40f1fe76cc83e7222378
                                                                                                                                                                                    • Opcode Fuzzy Hash: 601e1a5f0e8ed4933ce1c6aab63aa6c765a5e62350b588b068b0eb8f1830e702
                                                                                                                                                                                    • Instruction Fuzzy Hash: BC012135E18A0E9FDF94DF1C98456D977F0FB18314F005596E429D3284DB74EA508F80
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 0170abc2378d06449ec60b93471321846dd0b4cae67ec67dc611a0fc30270b48
                                                                                                                                                                                    • Instruction ID: f1a1197af8553148832c29d9784d10cf399bd05d4452baf5ecb40717ff6c6e94
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0170abc2378d06449ec60b93471321846dd0b4cae67ec67dc611a0fc30270b48
                                                                                                                                                                                    • Instruction Fuzzy Hash: 11018422B08E4B8BEB95EE8848916F9B6A1FF54310F441076D51DE3186ED64A9098780
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: d85eea36a4f13e6a400edc9dcc9d7cbc2ae0c283019e65c734313b845e2e111a
                                                                                                                                                                                    • Instruction ID: 0bc32d36a33c56747096cff6d8fefc7dcaaad859134767fa74ef9b4461cf2822
                                                                                                                                                                                    • Opcode Fuzzy Hash: d85eea36a4f13e6a400edc9dcc9d7cbc2ae0c283019e65c734313b845e2e111a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 29F0F952B2CF5B0BEB74EB2C98C433DA5D1EBA8394F585977E02DC2085ED9E36404644
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: c43ff5e95e9dbafd50a1d93b2a787785731ed22d60ef52a54b996bc8f068c854
                                                                                                                                                                                    • Instruction ID: f5629c7f5ef5e88513877318d2961766785fc79630848a70b6e0d5929e6869e9
                                                                                                                                                                                    • Opcode Fuzzy Hash: c43ff5e95e9dbafd50a1d93b2a787785731ed22d60ef52a54b996bc8f068c854
                                                                                                                                                                                    • Instruction Fuzzy Hash: C0F0A713E0DA6347F655DE6C1C013B46640EF51721F0851B7E469D50C6FC4C3E854B91
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 44a0bea2255a35c051f4f89f28a83dd918903838e6378a1935fcb93aeefb4a4e
                                                                                                                                                                                    • Instruction ID: 6a7281e01057521def09a32d85b910873417b7befc694b77b33d8d663144e4e8
                                                                                                                                                                                    • Opcode Fuzzy Hash: 44a0bea2255a35c051f4f89f28a83dd918903838e6378a1935fcb93aeefb4a4e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D018F7561DBC95FC799DB288818B66BFE0EFAA215F0805AFD4CCD72A2DE745804C702
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 599c93d4bb9ca6d83c7002d2fae4a8562ae4b0e3708d00e1ba0fee889fa637e2
                                                                                                                                                                                    • Instruction ID: 89ddb6620d8ed43211c074ba74a6f34d8cf7930ce72578b6e63f630023d05d3e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 599c93d4bb9ca6d83c7002d2fae4a8562ae4b0e3708d00e1ba0fee889fa637e2
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6BF0AF31A1CA1E8FDF98EF0898942BDB3E0FB98314F10046FE069D3244DA35AA00CB81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 02fd20b11614a41ddbbba6937e5ef2f03d006cb76913fdea62745784bbd199ff
                                                                                                                                                                                    • Instruction ID: 9bb8bdbe340419965d10ed086b8759886bfdf57c570eef0b023fbf2a280ab828
                                                                                                                                                                                    • Opcode Fuzzy Hash: 02fd20b11614a41ddbbba6937e5ef2f03d006cb76913fdea62745784bbd199ff
                                                                                                                                                                                    • Instruction Fuzzy Hash: 57F08696E1DBCA5BF7979A6908016A03FA0AF12710B4811E7F46CC65D3F8897D08CB86
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 269cff56610180f2094f624b2fdea1dd05825a1212ecb2b066d5acf2ce60ad51
                                                                                                                                                                                    • Instruction ID: 631178c3540b9dca99042907407b3ba5ce9ad1b3d85addc32adbfb6553dd29ea
                                                                                                                                                                                    • Opcode Fuzzy Hash: 269cff56610180f2094f624b2fdea1dd05825a1212ecb2b066d5acf2ce60ad51
                                                                                                                                                                                    • Instruction Fuzzy Hash: 82F0F43390D65E8BE713EF289C525ED7B20EF11310F09117BE56A930C2FE603656CA80
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 561e9470c5f9a8f17d4daf3b96b3ae9d859e6debe0427e643dad0151a2de7faa
                                                                                                                                                                                    • Instruction ID: aa94f0d7efaec8d35e1e43276aaac51af201c8b3d5c5bce3c355b05272d1b893
                                                                                                                                                                                    • Opcode Fuzzy Hash: 561e9470c5f9a8f17d4daf3b96b3ae9d859e6debe0427e643dad0151a2de7faa
                                                                                                                                                                                    • Instruction Fuzzy Hash: FAF0A413E0DA634BF696DE6C1C013B46690AF15710F0951BBE469DA0C6F88C3E814B92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: memchr$isdigit$localeconv
                                                                                                                                                                                    • String ID: 0$0123456789abcdefABCDEF
                                                                                                                                                                                    • API String ID: 1981154758-1185640306
                                                                                                                                                                                    • Opcode ID: bfe5ce258dc707371fcc712cb7d823bc8711584f4847fb00fe5ac810a8f06748
                                                                                                                                                                                    • Instruction ID: b12ab9525b948dc4360922369eec15222bf4ee81bb422745343e68984d4bfdde
                                                                                                                                                                                    • Opcode Fuzzy Hash: bfe5ce258dc707371fcc712cb7d823bc8711584f4847fb00fe5ac810a8f06748
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D910572B0829646EB628B10DC9026E7B91FB46B44F4CD079EECE67755DA3CF886C740
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: isdigit$localeconv
                                                                                                                                                                                    • String ID: 0$0
                                                                                                                                                                                    • API String ID: 3674116420-203156872
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: iswdigit$btowclocaleconv
                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                    • API String ID: 240710166-4108050209
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1711108183.000001F6D1101000.00000020.00000001.01000000.00000016.sdmp, Offset: 000001F6D1100000, based on PE: true
• Associated: 00000012.00000002.1711075880.000001F6D1100000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000012.00000002.1711237531.000001F6D110A000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000012.00000002.1711424326.000001F6D1119000.00000008.00000001.01000000.00000016.sdmp
• Associated: 00000012.00000002.1711457089.000001F6D111A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_1f6d1100000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: iswdigit$localeconv
                                                                                                                                                                                    • String ID: 0$0$0$0123456789abcdefABCDEF
                                                                                                                                                                                    • API String ID: 2634821343-4215698122
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Find$CloseFileFirst_invalid_parameter_noinfo_noreturnwcscpy_s
                                                                                                                                                                                    • String ID: .$.
                                                                                                                                                                                    • API String ID: 1484651601-3769392785
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1711108183.000001F6D1101000.00000020.00000001.01000000.00000016.sdmp, Offset: 000001F6D1100000, based on PE: true
• Associated: 00000012.00000002.1711075880.000001F6D1100000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000012.00000002.1711237531.000001F6D110A000.00000002.00000001.01000000.00000016.sdmp
• Associated: 00000012.00000002.1711424326.000001F6D1119000.00000008.00000001.01000000.00000016.sdmp
• Associated: 00000012.00000002.1711457089.000001F6D111A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_1f6d1100000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FormatInfoLocaleMessage
                                                                                                                                                                                    • String ID: !x-sys-default-locale
                                                                                                                                                                                    • API String ID: 4235545615-2729719199
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DiskFreeSpace_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2170103895-0
APIs
Memory Dump Source
• Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
Similarity
• API ID: InfoLocale___lc_locale_name_func
• String ID:
• API String ID: 3366915261-0
APIs
Strings
Memory Dump Source
• Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
• Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
Similarity
• API ID: Name::operator+
• String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
• API String ID: 2943138195-1482988683
APIs
Strings
Memory Dump Source
• Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
• Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
Similarity
• API ID: Name::operator+$Replicator::operator[]
• String ID: `anonymous namespace'
• API String ID: 3863519203-3062148218
APIs
Strings
Memory Dump Source
• Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
• Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
Similarity
• API ID: NameName::$Name::operator+atolswprintf_s
• String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
• API String ID: 2331677841-2441609178
APIs
Memory Dump Source
• Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
• Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
Similarity
• API ID: Name::operator+
• String ID:
• API String ID: 2943138195-0
APIs
Memory Dump Source
• Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
Similarity
• API ID: ByteCharMultiWide$__strncntfreemalloc$CompareInfoString
• String ID:
• API String ID: 3420081407-0
APIs
Strings
Memory Dump Source
• Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
• Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
Similarity
• API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
• String ID: csm$csm$csm
• API String ID: 4223619315-393685449
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Replicator::operator[]
                                                                                                                                                                                    • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                                                                                    • API String ID: 3676697650-3207858774
                                                                                                                                                                                    • Opcode ID: d6d96e58e56aecf7a62acf838a8154a9c3b739b48ea3dca409ea4180aa86bfee
                                                                                                                                                                                    • Instruction ID: 20fa55379d206ca146c170eeb1da5c200a7ed6950bb464a7f2dcb3030cbc01dc
                                                                                                                                                                                    • Opcode Fuzzy Hash: d6d96e58e56aecf7a62acf838a8154a9c3b739b48ea3dca409ea4180aa86bfee
                                                                                                                                                                                    • Instruction Fuzzy Hash: 93919026A28F4A89FB118F24D4502B837A2AFC6BA8F4CC531DA4D27796DF3CE545D350
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9920
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9928
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9931
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E994D
                                                                                                                                                                                    • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFA2E8CE90E), ref: 00007FFA2E8C6E53
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFA2E8CE90E), ref: 00007FFA2E8C6E73
                                                                                                                                                                                    • _Maklocstr.LIBCPMT ref: 00007FFA2E8C6E8D
                                                                                                                                                                                    • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFA2E8CE90E), ref: 00007FFA2E8C6E96
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFA2E8CE90E), ref: 00007FFA2E8C6EB6
                                                                                                                                                                                    • _Maklocstr.LIBCPMT ref: 00007FFA2E8C6ED0
                                                                                                                                                                                    • _Maklocstr.LIBCPMT ref: 00007FFA2E8C6EE5
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F12
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F38
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: memcpy.VCRUNTIME140(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F50
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFA2E8C6EC0
                                                                                                                                                                                    • :AM:am:PM:pm, xrefs: 00007FFA2E8C6EDE
                                                                                                                                                                                    • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFA2E8C6E7D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Maklocstrfree$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                                                                                                                                                    • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                    • API String ID: 2460671452-35662545
                                                                                                                                                                                    • Opcode ID: e605f10ed45052a7da8f4d8a6087127061f4544bf6b44d6e1e42e8552ad41aca
                                                                                                                                                                                    • Instruction ID: c44b9cd1494ec1dd4442ced520110fba03793244e7f00d947e4a2701d33584b7
                                                                                                                                                                                    • Opcode Fuzzy Hash: e605f10ed45052a7da8f4d8a6087127061f4544bf6b44d6e1e42e8552ad41aca
                                                                                                                                                                                    • Instruction Fuzzy Hash: DE314A36B04B8585E710DF21EC802A977A1FB8AF80F49813ADA8D53B56DF3CE181C340
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ByteCharMultiStringWide$freemalloc$__strncnt
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1733283546-0
                                                                                                                                                                                    • Opcode ID: 8d1454e74cf2446912ff0ec3563468defa227705ba58393810ede2454d5cb089
                                                                                                                                                                                    • Instruction ID: 1ff2d0cf3f015da30b2e954d5d1891a3b43431b364e8cb28e1601f2c7f0f4bdc
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d1454e74cf2446912ff0ec3563468defa227705ba58393810ede2454d5cb089
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D81B532704B4186EB208F51D880369A7E6FF45BA4F44863DEA9DA7BD4DF3CE4858701
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2943138195-0
                                                                                                                                                                                    • Opcode ID: 7b5661194ffe89ce305229f5119f63caed1cb30a475ffb1c0b7852583c735bf0
                                                                                                                                                                                    • Instruction ID: d0fdbb265671e1d7a9cc6b38a9da50910149bbe989eb8bd5e90802f63942e062
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b5661194ffe89ce305229f5119f63caed1cb30a475ffb1c0b7852583c735bf0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D717B72B24B4A9DEB11DF61D4401EC37B2AB8579CB858432DE0D67A8AEF38D615D380
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                    • API String ID: 2003779279-1866435925
                                                                                                                                                                                    • Opcode ID: 9683fe5ecf1d363253f1b605d1cd2dc95da79829f3f3562ae287b3f8f65d6833
                                                                                                                                                                                    • Instruction ID: acc72ca3560df7a88e1fa7bd7e0c42fef4934ce9db9ac702d74ef2559a608e3d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9683fe5ecf1d363253f1b605d1cd2dc95da79829f3f3562ae287b3f8f65d6833
                                                                                                                                                                                    • Instruction Fuzzy Hash: C091D036708A4685EB649B15D8D13B86761FF86B84F94C03ACA8D637A5DF3DE4CAC300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                    • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                                                                                    • API String ID: 2943138195-1464470183
                                                                                                                                                                                    • Opcode ID: 056f7ce24c9a02fb08967ba7ebef161081805b5f1a36d64d6cbfd7b45a579add
                                                                                                                                                                                    • Instruction ID: 7f41995eda4ef72e3e929a23bf4a927ff62b075bfcc271f93754fbeb48aa6fcd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 056f7ce24c9a02fb08967ba7ebef161081805b5f1a36d64d6cbfd7b45a579add
                                                                                                                                                                                    • Instruction Fuzzy Hash: 18516132E38F5A89F700CB64E8805BC37B2BF863A4F588435DA4D67A56DF29E551D300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Xp_setw$Xp_setn$Xp_addx$isspaceisxdigit
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2501290797-0
                                                                                                                                                                                    • Opcode ID: 21da6a4f17f49cb7967e78601ae5b57348283273755f20e84b22add998b879ef
                                                                                                                                                                                    • Instruction ID: bc2333093dff600c3d8920561535e1b72519cdec33c043cf3c70ce541d964f27
                                                                                                                                                                                    • Opcode Fuzzy Hash: 21da6a4f17f49cb7967e78601ae5b57348283273755f20e84b22add998b879ef
                                                                                                                                                                                    • Instruction Fuzzy Hash: B161A532F085029AF711DBA2D8C02FD3761AB56748F54857AEE4D77A89DE3DF58A8300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Xp_setw$Xp_setn$Xp_addx$iswspaceiswxdigit
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3781602613-0
                                                                                                                                                                                    • Opcode ID: 53210aa5814b0a8d508e44c2da40037058d9cf683dce0713d0cb7fb9d2746126
                                                                                                                                                                                    • Instruction ID: 1ad3f2ede370306f340a080ffec89d28a267244cafb9053820cd9f7d6bbe1fab
                                                                                                                                                                                    • Opcode Fuzzy Hash: 53210aa5814b0a8d508e44c2da40037058d9cf683dce0713d0cb7fb9d2746126
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9961D332F089529AFB11DBA2C8C01FD3761AB56748F54817AEE4D73A85DE7CF58A8300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1721927214.00007FFA533B1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFA533B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1721853691.00007FFA533B0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722216147.00007FFA533B8000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722281412.00007FFA533B9000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abort$AdjustPointermemmove
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 338301193-0
                                                                                                                                                                                    • Opcode ID: f4bbd506810e8ff949f1732fb6d8e1104fd3c67bd08d81a126e8d7f4640ce5bc
                                                                                                                                                                                    • Instruction ID: 1ccfa3ceb1bf2e3f8cf60c61b126ec857d2dec971894b5a7584d6929841b650e
                                                                                                                                                                                    • Opcode Fuzzy Hash: f4bbd506810e8ff949f1732fb6d8e1104fd3c67bd08d81a126e8d7f4640ce5bc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E518E31E2EF4281EE65DB15D57463C67A6EFC6BA4F0DC435DA4D26A84EF2CE4818320
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                    • API String ID: 211107550-393685449
                                                                                                                                                                                    • Opcode ID: 6f42a4adf4f654b9ccc7c674dc7e4c3ff1af33df0a1f36dd7bc44f2aa948d2c7
                                                                                                                                                                                    • Instruction ID: d7d17ec9552164d7fefc349ad2661f7f906a443f57690e603c39a6aa73c31ed4
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f42a4adf4f654b9ccc7c674dc7e4c3ff1af33df0a1f36dd7bc44f2aa948d2c7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 21E1B273A28B868AE7109F75D4803AD77A2FF86768F188235DA4D67656CF3CE481D700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1721927214.00007FFA533B1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFA533B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1721853691.00007FFA533B0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722216147.00007FFA533B8000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722281412.00007FFA533B9000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                    • API String ID: 211107550-393685449
                                                                                                                                                                                    • Opcode ID: 78c6e7fb34b0392c5f88638df05ce5e29abaa94eb5bf539d305eb9caf3e55ea3
                                                                                                                                                                                    • Instruction ID: 4e866e641742b3b644165c83ee6110577ed5b890d9c98af4de1ba0b2f37238cf
                                                                                                                                                                                    • Opcode Fuzzy Hash: 78c6e7fb34b0392c5f88638df05ce5e29abaa94eb5bf539d305eb9caf3e55ea3
                                                                                                                                                                                    • Instruction Fuzzy Hash: 18E1D573D28F818AE710DF64D4603AD77A2FB86768F188236DA8D67656CF38E481C700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFA2E8C005B), ref: 00007FFA2E8E892D
                                                                                                                                                                                    • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFA2E8C005B), ref: 00007FFA2E8E89CB
                                                                                                                                                                                    • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FFA2E8C005B), ref: 00007FFA2E8E89DD
                                                                                                                                                                                    • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFA2E8C005B), ref: 00007FFA2E8E8A18
                                                                                                                                                                                    • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FFA2E8C005B), ref: 00007FFA2E8E8A26
                                                                                                                                                                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00007FFA2E8C005B), ref: 00007FFA2E8E8AA6
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                                    • String ID: 0$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                    • API String ID: 3508154992-2692187688
                                                                                                                                                                                    • Opcode ID: c4eb95e7717bfe049bc9e30e3fb653c2c0825339a0103deeba7df756b235c598
                                                                                                                                                                                    • Instruction ID: 0dd2d7197bc42bc198084c13729473db1040616aa32e86f3d8c6b9a2b2f3340f
                                                                                                                                                                                    • Opcode Fuzzy Hash: c4eb95e7717bfe049bc9e30e3fb653c2c0825339a0103deeba7df756b235c598
                                                                                                                                                                                    • Instruction Fuzzy Hash: F451E332B0C6C645EB619B60AC803BD6691AB42790F4CC079EDED36795DE3CB8C28702
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                    • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                                                                                    • API String ID: 2943138195-2239912363
                                                                                                                                                                                    • Opcode ID: 39f267e24cea2a085efea57700c8f0511391629eccd065b63ffe6c0b5b6c4cba
                                                                                                                                                                                    • Instruction ID: 53324e36ffe201bf799fa8447c38103da4929aed3e202c036de0fb8ca83b3284
                                                                                                                                                                                    • Opcode Fuzzy Hash: 39f267e24cea2a085efea57700c8f0511391629eccd065b63ffe6c0b5b6c4cba
                                                                                                                                                                                    • Instruction Fuzzy Hash: FC517D72E28F498CFB11CB60D8402BD77B2BF8A764F488535DA4D22AA6DF3CA055D700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                    • API String ID: 1099746521-1866435925
                                                                                                                                                                                    • Opcode ID: 3f90ff220a0d5ba7b9ed87cdd8d76cee1756ef03fcb66314c37f7537eac797d0
                                                                                                                                                                                    • Instruction ID: 79117d1648aa6cbb24288f38dff7aaff18695d1f4e47200b11c62a12b7ba7b7b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f90ff220a0d5ba7b9ed87cdd8d76cee1756ef03fcb66314c37f7537eac797d0
                                                                                                                                                                                    • Instruction Fuzzy Hash: FD21E271F2950695EA549B00DCC22F96362AF52340FD8C43ED58DA2AA2EF2EF5C9C340
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                                                    • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                    • API String ID: 667068680-1247241052
                                                                                                                                                                                    • Opcode ID: adf4213de8606483d3efac82db9710855be8762a76baa7a997fdbecebdc71b0d
                                                                                                                                                                                    • Instruction ID: 0ea77cb7af2231d29829915cb843b688fddc486a11613b960e3e8030d6b2dcf6
                                                                                                                                                                                    • Opcode Fuzzy Hash: adf4213de8606483d3efac82db9710855be8762a76baa7a997fdbecebdc71b0d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 71F06778B09B0381EF149B95EC98064B364BF4A791BD4C13AC81E66721EEBCA1D98380
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                    • API String ID: 2003779279-1866435925
                                                                                                                                                                                    • Opcode ID: d32f189367028e5cdde9405d25fc529d58a856820c390070d5beeb915c714ccc
                                                                                                                                                                                    • Instruction ID: 58e643a0a5f31152ace35f7e282c4fae78fc8a888f10baa83be4bb29e8fbaed5
                                                                                                                                                                                    • Opcode Fuzzy Hash: d32f189367028e5cdde9405d25fc529d58a856820c390070d5beeb915c714ccc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F619F32708A4585EB649F15D8D13B96760FF82B84FA4C53ACA8D677A5CF3DE486C300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionThrowfputwcfwritestd::ios_base::failure::failure
                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                    • API String ID: 1428583292-1866435925
                                                                                                                                                                                    • Opcode ID: d54f6f366594eb575b8d412551bf48bd0f96431c82c584339437ebc46d035372
                                                                                                                                                                                    • Instruction ID: 7d01aea7ab37de0dae29a5f0dac7c65294740916fc4f6b8c8f62f194862d80ab
                                                                                                                                                                                    • Opcode Fuzzy Hash: d54f6f366594eb575b8d412551bf48bd0f96431c82c584339437ebc46d035372
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3661A473704A8595EB54CF25D8802FD7360FB46B88F84A03AEA8D67754DF39E596C340
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                                                                                                                                    • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                                                                                                                    • API String ID: 1852475696-928371585
                                                                                                                                                                                    • Opcode ID: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                                                                                                    • Instruction ID: 6b0f5f1ae9a2df509ed98ceaea08633ae03c0910ccaf7312ecf25e83f4592928
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A518162A28F4A92DE20CB55E8505B96362FFC5BA4F4CC831EA4E13666DF3CE505D700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • std::ios_base::failure::failure.LIBCPMT ref: 00007FFA2E8F8B03
                                                                                                                                                                                    • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFA2E8EAB84), ref: 00007FFA2E8F8B14
                                                                                                                                                                                    • std::ios_base::failure::failure.LIBCPMT ref: 00007FFA2E8F8B57
                                                                                                                                                                                    • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFA2E8EAB84), ref: 00007FFA2E8F8B68
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                    • API String ID: 2003779279-1866435925
                                                                                                                                                                                    • Opcode ID: 495d6bd3cdc3f56359a1158ef11b9f6cc3e083b47c91db06cb9b62f7985930ad
                                                                                                                                                                                    • Instruction ID: d525fe8beba94d9ef989bd1fedc90a4c65abb15335ff4b103d0b8e626229387c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 495d6bd3cdc3f56359a1158ef11b9f6cc3e083b47c91db06cb9b62f7985930ad
                                                                                                                                                                                    • Instruction Fuzzy Hash: 66619F32B08A4585EB648B15D8D13B96760FF82B94F94C43ACA8E577A5CF3CE486C301
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                                    • String ID: 0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                    • API String ID: 3508154992-4256519037
                                                                                                                                                                                    • Opcode ID: d857bbab0a05a34ef21721403163653e57d835ca7b8e7b3a215c1e954870a4b5
                                                                                                                                                                                    • Instruction ID: 1256dc419e8f68eb8f4e31a6c0f89c0eb302a9c2a38aed53a176cece379e56bf
                                                                                                                                                                                    • Opcode Fuzzy Hash: d857bbab0a05a34ef21721403163653e57d835ca7b8e7b3a215c1e954870a4b5
                                                                                                                                                                                    • Instruction Fuzzy Hash: 02510736B0C69686E7618F609C9137D7A90BB46794F4C8079EDDD62784DE3CF8C28740
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                    • API String ID: 2003779279-1866435925
                                                                                                                                                                                    • Opcode ID: e0c8c7c3db13bda117808125c9f4d8b899fe4ac307ba0d60ac1330275e193daf
                                                                                                                                                                                    • Instruction ID: 60837cd6215d5438adbdde6ef5d589a4d51557faefd6ad67443f296f24790bee
                                                                                                                                                                                    • Opcode Fuzzy Hash: e0c8c7c3db13bda117808125c9f4d8b899fe4ac307ba0d60ac1330275e193daf
                                                                                                                                                                                    • Instruction Fuzzy Hash: F751B032B08A4985EB50DB18D8D0269A3A1FF86B94F94C43ACA4D937B5DF3DE485C700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FFA533C71A3,?,?,00000000,00007FFA533C6FD4,?,?,?,?,00007FFA533C6D11), ref: 00007FFA533C7069
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FFA533C71A3,?,?,00000000,00007FFA533C6FD4,?,?,?,?,00007FFA533C6D11), ref: 00007FFA533C7077
                                                                                                                                                                                    • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFA533C71A3,?,?,00000000,00007FFA533C6FD4,?,?,?,?,00007FFA533C6D11), ref: 00007FFA533C7090
                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FFA533C71A3,?,?,00000000,00007FFA533C6FD4,?,?,?,?,00007FFA533C6D11), ref: 00007FFA533C70A2
                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FFA533C71A3,?,?,00000000,00007FFA533C6FD4,?,?,?,?,00007FFA533C6D11), ref: 00007FFA533C7110
                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FFA533C71A3,?,?,00000000,00007FFA533C6FD4,?,?,?,?,00007FFA533C6D11), ref: 00007FFA533C711C
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                    • API String ID: 916704608-2084034818
                                                                                                                                                                                    • Opcode ID: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                                                                                                    • Instruction ID: f6f70aaaddd20fd77cd875c1ef16d2c4755aa24b49066442dcda290b1e31b875
                                                                                                                                                                                    • Opcode Fuzzy Hash: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E31B021B2AF56D5EE119B42A8005B52796FF86FB4F1D8934DD1DAB382EF3CE5449300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FFA533B379F,?,?,00000000,00007FFA533B35D0,?,?,?,?,00007FFA533B334D), ref: 00007FFA533B3665
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FFA533B379F,?,?,00000000,00007FFA533B35D0,?,?,?,?,00007FFA533B334D), ref: 00007FFA533B3673
                                                                                                                                                                                    • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFA533B379F,?,?,00000000,00007FFA533B35D0,?,?,?,?,00007FFA533B334D), ref: 00007FFA533B368C
                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FFA533B379F,?,?,00000000,00007FFA533B35D0,?,?,?,?,00007FFA533B334D), ref: 00007FFA533B369E
                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FFA533B379F,?,?,00000000,00007FFA533B35D0,?,?,?,?,00007FFA533B334D), ref: 00007FFA533B370C
                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FFA533B379F,?,?,00000000,00007FFA533B35D0,?,?,?,?,00007FFA533B334D), ref: 00007FFA533B3718
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1721927214.00007FFA533B1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFA533B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1721853691.00007FFA533B0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722216147.00007FFA533B8000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722281412.00007FFA533B9000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                    • API String ID: 916704608-2084034818
                                                                                                                                                                                    • Opcode ID: 8d2fd0d93c7eb14211fa12b3fc953288da202effed1889c61ef573fe6e8128a2
                                                                                                                                                                                    • Instruction ID: 0310918b4dbf1e31793a8f96c8820d835b5cde539e1dc135e88e0ab148b306ff
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d2fd0d93c7eb14211fa12b3fc953288da202effed1889c61ef573fe6e8128a2
                                                                                                                                                                                    • Instruction Fuzzy Hash: F731C331B2AF5291FE929B56A860275239ABF8AB70F5D8534DD1D27390EF3CE4458700
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9920
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9928
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9931
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E994D
                                                                                                                                                                                    • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFA2E8E113E), ref: 00007FFA2E8DFFB7
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFA2E8E113E), ref: 00007FFA2E8DFFD7
                                                                                                                                                                                    • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFA2E8E113E), ref: 00007FFA2E8DFFFA
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFA2E8E113E), ref: 00007FFA2E8E001A
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F12
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F38
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: memcpy.VCRUNTIME140(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F50
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFA2E8E0024
                                                                                                                                                                                    • :AM:am:PM:pm, xrefs: 00007FFA2E8E0042
                                                                                                                                                                                    • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFA2E8DFFE1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                                                                                                                                                    • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                    • API String ID: 1539549574-35662545
                                                                                                                                                                                    • Opcode ID: 7aeabda0e4e4f149d23de0a0a6287a6ab5e3eff2c83020dab8bdca83acb646d5
                                                                                                                                                                                    • Instruction ID: 082f5b7f64e6e4d36c7c68bc1abf86a580770e145fb1b88b006d9508de9f139a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7aeabda0e4e4f149d23de0a0a6287a6ab5e3eff2c83020dab8bdca83acb646d5
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F312C36B04B8589E710DF61D8942A977A1FB9AF80F498139DA4D53756DF3CE181C740
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9920
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9928
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9931
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E994D
                                                                                                                                                                                    • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8C6F52
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8C6F72
                                                                                                                                                                                    • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8C6F90
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8C6FB0
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4F70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8C6FAD,?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8B4F99
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4F70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8C6FAD,?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8B4FC8
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4F70: memcpy.VCRUNTIME140(?,?,00000000,00007FFA2E8C6FAD,?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8B4FDF
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFA2E8C6F7C
                                                                                                                                                                                    • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFA2E8C6FBA
                                                                                                                                                                                    • :AM:am:PM:pm, xrefs: 00007FFA2E8C6FCA
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                                                                                                                                                    • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                    • API String ID: 1539549574-3743323925
                                                                                                                                                                                    • Opcode ID: 3e6d0835d4a47598dfb3552d3a194903f698fb29ad8629dcbbf3a07e1645c30e
                                                                                                                                                                                    • Instruction ID: 04b3c708f31c76adbf15c8fbadb49192b3b44debd2c3b535c658b7f806b28fdb
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e6d0835d4a47598dfb3552d3a194903f698fb29ad8629dcbbf3a07e1645c30e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B213E36B05B4586DB10DB61E880269B3B0EB96B80F449139DA8E53756EF7CF480C740
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abort$AdjustPointer
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1501936508-0
                                                                                                                                                                                    • Opcode ID: 77d40a3a750292ef56bb7ba82bc0b9b507dfb24b3446034ca75943c21c5ab11f
                                                                                                                                                                                    • Instruction ID: d84488ade6a0d7183db6fc7ec817ea0bbb7f5a7249c994606602a783d3c963fc
                                                                                                                                                                                    • Opcode Fuzzy Hash: 77d40a3a750292ef56bb7ba82bc0b9b507dfb24b3446034ca75943c21c5ab11f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0C51E531A29F4B81EE659B11D45823863A2AFD6FF0F0DC435D95DA7796CF2CD842A300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abort$AdjustPointer
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1501936508-0
                                                                                                                                                                                    • Opcode ID: f0706fa7c64a0a7492f233c4046144e15a2d0b25a5c3bc49f148db7cf339c299
                                                                                                                                                                                    • Instruction ID: 31a73dfd243f75c43a4dbaff9663ef501a1fa69a108de2d2b0cdefceecb34a6c
                                                                                                                                                                                    • Opcode Fuzzy Hash: f0706fa7c64a0a7492f233c4046144e15a2d0b25a5c3bc49f148db7cf339c299
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3651AF21A29F4F81EE65DB51944463863A2AFCAFB0F0DC535DA4DB7796DF2CE841A300
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: ++$8++$PN,+$XL,+$`L^I$`L^$p-+$xM,+$-+
                                                                                                                                                                                    • API String ID: 0-3113827396
                                                                                                                                                                                    • Opcode ID: dd29d965207e4dc1d95abf67f313ee5b51b91c7f91b50414939767f7632e54ef
                                                                                                                                                                                    • Instruction ID: 802b1f967a985f7e7efe2bea59af212925a79ed3aa8b9902c2768103c9c0bbad
                                                                                                                                                                                    • Opcode Fuzzy Hash: dd29d965207e4dc1d95abf67f313ee5b51b91c7f91b50414939767f7632e54ef
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B61A983A0EBC34FF6599AB81D592A5AF91FF6139070851FBE078870CBB8957B0587C1
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo_noreturnmemsetstrcspn$localeconv
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4135771353-0
                                                                                                                                                                                    • Opcode ID: cf421af5cabedf8228f8c10338f1097def40aa3310b7af1aaf7793cbfb7df88f
                                                                                                                                                                                    • Instruction ID: ebfc7f94993bf1a26ca7a9d98e4bc3d9ff9222599a5e02365174607ed2baa370
                                                                                                                                                                                    • Opcode Fuzzy Hash: cf421af5cabedf8228f8c10338f1097def40aa3310b7af1aaf7793cbfb7df88f
                                                                                                                                                                                    • Instruction Fuzzy Hash: A8F1D332B08E858AFB118FA5D8942BC7372EB46B94F54813DDE8D67B95DE38E485C340
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                    • String ID: {for
                                                                                                                                                                                    • API String ID: 2943138195-864106941
                                                                                                                                                                                    • Opcode ID: 843ce90981090cc763d5b819b1a82c1911c4347c90cb61675e3ef59b1b7081ca
                                                                                                                                                                                    • Instruction ID: 0711fc889ca023790bc607022e256f7a7fc1e7edd1551738f0a37bb9b8839786
                                                                                                                                                                                    • Opcode Fuzzy Hash: 843ce90981090cc763d5b819b1a82c1911c4347c90cb61675e3ef59b1b7081ca
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C519F72A28F89ADE7019F24D4543E837A2EB86798F48C431EA4C6BB96DF3CD554D300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,00000000,?,00007FFA2E8C14FF,?,?,?,?,00000000,00007FFA2E8BB771), ref: 00007FFA2E8BDFD0
                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?,00007FFA2E8C14FF,?,?,?,?,00000000,00007FFA2E8BB771), ref: 00007FFA2E8BDFE0
                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,00000000,?,00007FFA2E8C14FF,?,?,?,?,00000000,00007FFA2E8BB771), ref: 00007FFA2E8BDFF5
                                                                                                                                                                                    • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,00007FFA2E8C14FF,?,?,?,?,00000000,00007FFA2E8BB771), ref: 00007FFA2E8BE029
                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,00000000,?,00007FFA2E8C14FF,?,?,?,?,00000000,00007FFA2E8BB771), ref: 00007FFA2E8BE033
                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?,00007FFA2E8C14FF,?,?,?,?,00000000,00007FFA2E8BB771), ref: 00007FFA2E8BE043
                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,00000000,?,00007FFA2E8C14FF,?,?,?,?,00000000,00007FFA2E8BB771), ref: 00007FFA2E8BE053
                                                                                                                                                                                      • Part of subcall function 00007FFA2E9019FC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8B5C08), ref: 00007FFA2E901A16
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: memcpy$memset$_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2538139528-0
                                                                                                                                                                                    • Opcode ID: 80e48887ca86f42cc658512a3ff8db71c282a905c9dcd018905c5bbb3517e318
                                                                                                                                                                                    • Instruction ID: 541e51f2cd5e634191f8144c7bf77f4cad3d30462b36024d56d3c08d7a847562
                                                                                                                                                                                    • Opcode Fuzzy Hash: 80e48887ca86f42cc658512a3ff8db71c282a905c9dcd018905c5bbb3517e318
                                                                                                                                                                                    • Instruction Fuzzy Hash: 95410A36B08A8595DE00DF56E8842BEA352FB06BD4F54813ADF9D57B96DE3CE0C28300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFA2E8D2032
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9920
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9928
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9931
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E994D
                                                                                                                                                                                    • _Maklocstr.LIBCPMT ref: 00007FFA2E8D20AB
                                                                                                                                                                                    • _Maklocstr.LIBCPMT ref: 00007FFA2E8D20C1
                                                                                                                                                                                    • _Getvals.LIBCPMT ref: 00007FFA2E8D2166
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Maklocstr$Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                                                                                                                                                    • String ID: false$true
                                                                                                                                                                                    • API String ID: 2626534690-2658103896
                                                                                                                                                                                    • Opcode ID: bee9dad042fd688f61686e8a29264512e6ac662606b53b82c80f7019d71309fe
                                                                                                                                                                                    • Instruction ID: 7033e2d94cfe42aca1caa2f533abad9820a29e1061c4343c745f9150807d3941
                                                                                                                                                                                    • Opcode Fuzzy Hash: bee9dad042fd688f61686e8a29264512e6ac662606b53b82c80f7019d71309fe
                                                                                                                                                                                    • Instruction Fuzzy Hash: 05415C36B08B4199F711DF74E8801ED33B1FB49748B44922AEE8D27A59EF38E596C344
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NameName::atol
                                                                                                                                                                                    • String ID: `template-parameter$void
                                                                                                                                                                                    • API String ID: 2130343216-4057429177
                                                                                                                                                                                    • Opcode ID: 37dc88686286ae883caf861cfcc370a32d0b887e3358d6a576a3fa5485c4a12c
                                                                                                                                                                                    • Instruction ID: db715de5a0a3d5f720e5b2dd16959451b652a87fdc9c769f6207968915a62bea
                                                                                                                                                                                    • Opcode Fuzzy Hash: 37dc88686286ae883caf861cfcc370a32d0b887e3358d6a576a3fa5485c4a12c
                                                                                                                                                                                    • Instruction Fuzzy Hash: DD418E22B28F5688FB019BA4D8512FC2372BF857A4F588535DE4D27A59DF3CE545C340
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+Replicator::operator[]
                                                                                                                                                                                    • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                                    • API String ID: 1405650943-2211150622
                                                                                                                                                                                    • Opcode ID: bbc19fe8acb2af624d1aa6c3fda2c2c3f4ee9ad2dfe93a969b1fef282e9c5a3b
                                                                                                                                                                                    • Instruction ID: 986038339bcc51093c27f2e6bd5cbddaf62f052e504dabc4b24b88e0c82244ee
                                                                                                                                                                                    • Opcode Fuzzy Hash: bbc19fe8acb2af624d1aa6c3fda2c2c3f4ee9ad2dfe93a969b1fef282e9c5a3b
                                                                                                                                                                                    • Instruction Fuzzy Hash: ED413C76A28F469CF7128B64E8502B877A2BF86354F488A31DA4C2B755DF7CE640D700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                    • String ID: char $int $long $short $unsigned
                                                                                                                                                                                    • API String ID: 2943138195-3894466517
                                                                                                                                                                                    • Opcode ID: d543906abe76930c5ae4e84494e2eda85b894ff74c2d28b68c5523291a1a48d2
                                                                                                                                                                                    • Instruction ID: ad20ce1ed4ade136190757e96cb754f01cee0ea2e40a5d6f3f5157b32a674728
                                                                                                                                                                                    • Opcode Fuzzy Hash: d543906abe76930c5ae4e84494e2eda85b894ff74c2d28b68c5523291a1a48d2
                                                                                                                                                                                    • Instruction Fuzzy Hash: 41317C72A38F498DE7118F28D8641BC27B2BF86768F48C535DA4C66B59DE3CE544D300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Dunscale$_errno
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2900277114-0
                                                                                                                                                                                    • Opcode ID: e6cd1ca0f90a544f70e1183bb1102f176de5b7124949166c862e8460281ebf53
                                                                                                                                                                                    • Instruction ID: 3d0c4a30ba44553d6fd458a74f82b49512fcb7fa329328ac9044333142528ccb
                                                                                                                                                                                    • Opcode Fuzzy Hash: e6cd1ca0f90a544f70e1183bb1102f176de5b7124949166c862e8460281ebf53
                                                                                                                                                                                    • Instruction Fuzzy Hash: EEA18032A18E4A99E7119F348D801BD2366FF57794F54C279FB8E26585EF2AF4D28200
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Dunscale$_errno
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2900277114-0
                                                                                                                                                                                    • Opcode ID: 018b2febf4e662f9f7087985f0e7d920f69676e93f0554d90feac40c922dbb90
                                                                                                                                                                                    • Instruction ID: 3ac056b4c683e31ed87cd7ead772eddc7044af48826b4d92d8f51088c3f086b9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 018b2febf4e662f9f7087985f0e7d920f69676e93f0554d90feac40c922dbb90
                                                                                                                                                                                    • Instruction Fuzzy Hash: 19A1D033F186469AEB109F3688C00BC6791FF26794F54C679EA8EB2594DF28F0D59600
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: fgetc
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2807381905-0
                                                                                                                                                                                    • Opcode ID: d065d661809670cc5a96facd9b485a20526c76d1415a7cc54be9045511bddec9
                                                                                                                                                                                    • Instruction ID: dd3ee701cea4c4d9eb6eb0b907ec38bbcbac6e3ead823a2c2d427ea4ca81d5de
                                                                                                                                                                                    • Opcode Fuzzy Hash: d065d661809670cc5a96facd9b485a20526c76d1415a7cc54be9045511bddec9
                                                                                                                                                                                    • Instruction Fuzzy Hash: F6815B37B09A8189DB20CF65D8D03AC73A1FB55B58F44813AEB9E97A94DF38E594C300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Xp_setn$Xp_addx$isspaceisxdigit
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2908567333-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Xp_setn$Xp_addx$iswspaceiswxdigit
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3490103321-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Xp_setn$Xp_addx$isspaceisxdigit
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2908567333-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Xp_setn$Xp_addx$iswspaceiswxdigit
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3490103321-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+$NameName::
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 168861036-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileHandle$CloseCreateInformation
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1240749428-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 184115430-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3741236498-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFA2E8B60A6), ref: 00007FFA2E8B2F99
                                                                                                                                                                                    • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8B60A6), ref: 00007FFA2E8B2FAB
                                                                                                                                                                                    • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFA2E8B60A6), ref: 00007FFA2E8B2FBA
                                                                                                                                                                                    • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFA2E8B60A6), ref: 00007FFA2E8B3020
                                                                                                                                                                                    • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFA2E8B60A6), ref: 00007FFA2E8B302E
                                                                                                                                                                                    • _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00007FFA2E8B60A6), ref: 00007FFA2E8B3041
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: __pctype_func$___lc_codepage_func___lc_locale_name_func_wcsdupcalloc
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 490008815-0
                                                                                                                                                                                    • Opcode ID: 107e66dceef68c19cba3e477cb3166ac5d7236672a125cea21169af1fc22d59b
                                                                                                                                                                                    • Instruction ID: 52dc8e0c910da70974c229095f4a5a14d50118459626a7428b0e5bc86f6d3f78
                                                                                                                                                                                    • Opcode Fuzzy Hash: 107e66dceef68c19cba3e477cb3166ac5d7236672a125cea21169af1fc22d59b
                                                                                                                                                                                    • Instruction Fuzzy Hash: FA212C36E08B8583E7158F78D9452787360FBAAB48F55E228CE8C26612EF79F1D5C340
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                    • API String ID: 2889003569-2084237596
                                                                                                                                                                                    • Opcode ID: 38147febd4ea3e6e4a78b6d94c663964a46ac19bb27c7a49567d3dd21f0893b1
                                                                                                                                                                                    • Instruction ID: e516c14b47659d04059f64b61bffd3757558fb41c1c656585af41c27149279db
                                                                                                                                                                                    • Opcode Fuzzy Hash: 38147febd4ea3e6e4a78b6d94c663964a46ac19bb27c7a49567d3dd21f0893b1
                                                                                                                                                                                    • Instruction Fuzzy Hash: C7911473A18B958AE711CB65E4402AC77B1FB85798F188139EE8C27756DF3CE161C700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1721927214.00007FFA533B1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFA533B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1721853691.00007FFA533B0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722216147.00007FFA533B8000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722281412.00007FFA533B9000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                    • API String ID: 2889003569-2084237596
                                                                                                                                                                                    • Opcode ID: 51865056d64403dec5eec8f15289c0db639756aedb22486eebb00ed42bb3dd8f
                                                                                                                                                                                    • Instruction ID: b3a49976a4aa718f3fc5c7ac54e699dc2e57cd9390fdd7fcb9ed1beb1cd4587d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 51865056d64403dec5eec8f15289c0db639756aedb22486eebb00ed42bb3dd8f
                                                                                                                                                                                    • Instruction Fuzzy Hash: E391F473E18F818AE710CB64E8502AD77A1FB86798F18813AEA8C67755DF3CD191CB00
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                    • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                                                                                    • API String ID: 2943138195-757766384
                                                                                                                                                                                    • Opcode ID: 792524ca3cb326ee1ddc7ad9f90e01459882d709a2987deaa3b684760cdbdca5
                                                                                                                                                                                    • Instruction ID: 162a9bc43fbd66369cafa171f8b524dfee4c8d8b27400f17065e714621c66a3f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 792524ca3cb326ee1ddc7ad9f90e01459882d709a2987deaa3b684760cdbdca5
                                                                                                                                                                                    • Instruction Fuzzy Hash: 167171B6A28F4688E7108F25D9500BC67A6FF86790F8CC535DA4D67A66DF3CE161D300
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1718174930.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ff9cd280000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: PN,+$XL,+$`L^I$`L^$p-+$xM,+$-+
                                                                                                                                                                                    • API String ID: 0-4294785938
                                                                                                                                                                                    • Opcode ID: 104e3030b1723403c061bb9368fde89513d914704dc8c9244d229616c9a60a6f
                                                                                                                                                                                    • Instruction ID: fd0c604fb2cfd5ed7da9f496132ca815d57ed241b393e0940ff47a29585fb391
                                                                                                                                                                                    • Opcode Fuzzy Hash: 104e3030b1723403c061bb9368fde89513d914704dc8c9244d229616c9a60a6f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A519883A0EBC34FFA599AA81D552A6BF91FF2139074851F7D078870CBB895BB0587C1
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __except_validate_context_record.LIBVCRUNTIME ref: 00007FFA533B20F2
                                                                                                                                                                                      • Part of subcall function 00007FFA533B3524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFA533B1222), ref: 00007FFA533B3564
                                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA533B2247
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1721927214.00007FFA533B1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFA533B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1721853691.00007FFA533B0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722216147.00007FFA533B8000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722281412.00007FFA533B9000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abort$__except_validate_context_record
                                                                                                                                                                                    • String ID: $csm$csm
                                                                                                                                                                                    • API String ID: 3000080923-1512788406
                                                                                                                                                                                    • Opcode ID: d2e425a725b33c5f85093d2df621a517a4746e4d910d6925cc61b8c9293696ab
                                                                                                                                                                                    • Instruction ID: aa5ea6ac73ca91b77e2de8582a8ea42ae43cbc9e8e522670b93de1d2fa425dee
                                                                                                                                                                                    • Opcode Fuzzy Hash: d2e425a725b33c5f85093d2df621a517a4746e4d910d6925cc61b8c9293696ab
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5371E372918B8186D7618F25D4607797BA2FB86BA5F08C231DF9CA7A99CF3CD491C700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                    • API String ID: 2889003569-2084237596
                                                                                                                                                                                    • Opcode ID: 82646d7cab88117c06501068e7e04168047599fc5f0013deb61a5a573c37227d
                                                                                                                                                                                    • Instruction ID: 80445938cf651d4925493c428717b78afc72a5cbf316b59d10c34e05ddbfd31c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 82646d7cab88117c06501068e7e04168047599fc5f0013deb61a5a573c37227d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9161A132918BC581D7609B55E4403AAB7A1FFC6BA4F088625EB9D23B56CF3CD195CB00
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileHeader
                                                                                                                                                                                    • String ID: MOC$RCC$csm$csm
                                                                                                                                                                                    • API String ID: 104395404-1441736206
                                                                                                                                                                                    • Opcode ID: 4b6f8f644bd4ef04a393d3bb1b96f78be418c55213885cdd627a59364db23340
                                                                                                                                                                                    • Instruction ID: 7267a1ecdb53782f68b88335fa49bf5e39215e00cd1db63e4b7baf2fc2d5f450
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b6f8f644bd4ef04a393d3bb1b96f78be418c55213885cdd627a59364db23340
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0951B532A29F4687FA609F26914817D26A2FFC6BA0F0C8131DE4D67752DF3CE8619701
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9920
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9928
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9931
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E994D
                                                                                                                                                                                    • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFA2E8CE2B8), ref: 00007FFA2E8D1EFE
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8BBCDC: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8DFFF6,?,?,?,?,?,?,?,?,00000000,00007FFA2E8E113E), ref: 00007FFA2E8BBD07
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8BBCDC: memcpy.VCRUNTIME140(?,?,00000000,00007FFA2E8DFFF6,?,?,?,?,?,?,?,?,00000000,00007FFA2E8E113E), ref: 00007FFA2E8BBD23
                                                                                                                                                                                    • _Getvals.LIBCPMT ref: 00007FFA2E8D1F3B
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemcpy
                                                                                                                                                                                    • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                    • API String ID: 3848194746-3573081731
                                                                                                                                                                                    • Opcode ID: 43d7cb6c86fcbb5da0292524127ac9c93a52f3c08d6ba4ee43fe738f6773ccc9
                                                                                                                                                                                    • Instruction ID: 10972030acfed53a0427aadbe69bebf26af518601962732361a414dd00cdf75d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 43d7cb6c86fcbb5da0292524127ac9c93a52f3c08d6ba4ee43fe738f6773ccc9
                                                                                                                                                                                    • Instruction Fuzzy Hash: A6417272A08B968BE724CB25C99037D7BE0FB5AB41F158229D78D93A41DF78F5A1C700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFA2E8D21BE
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9920
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9928
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9931
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E994D
                                                                                                                                                                                    • _Maklocstr.LIBCPMT ref: 00007FFA2E8D2237
                                                                                                                                                                                    • _Maklocstr.LIBCPMT ref: 00007FFA2E8D224D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Maklocstr$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                                                                                                                                                    • String ID: false$true
                                                                                                                                                                                    • API String ID: 309754672-2658103896
                                                                                                                                                                                    • Opcode ID: 55b7f5c3dcbba11b6f0af3a8532ccc0b42c9bf1c4424f5502c43fbdbe24671fa
                                                                                                                                                                                    • Instruction ID: 213e3b0692fd5e5e77ee73ea22bc78c9d5269a7ebd631ea6167992a1eb9445a2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 55b7f5c3dcbba11b6f0af3a8532ccc0b42c9bf1c4424f5502c43fbdbe24671fa
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E415A36B18B4599E710DFB0E8801ED33B1FB49788B40912AEE8E27B59EF38D595C354
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                    • API String ID: 2003779279-1866435925
                                                                                                                                                                                    • Opcode ID: 30f8a19ad05608d569e801936d8c4b8b521464ba700c6576b76e7c3c36028168
                                                                                                                                                                                    • Instruction ID: b4171869d04b801536004088f5b1a4eac9f75d45c13a30cfe3e704d5e9e00f96
                                                                                                                                                                                    • Opcode Fuzzy Hash: 30f8a19ad05608d569e801936d8c4b8b521464ba700c6576b76e7c3c36028168
                                                                                                                                                                                    • Instruction Fuzzy Hash: D021F172B0864692EA109B54E9813BA6361FF52784F84803ED78DA7B91DF3CF0E1C300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                    • API String ID: 2003779279-1866435925
                                                                                                                                                                                    • Opcode ID: cc233273bfa1c65513c7e67a78c24352da40431d14dba0be8c4d666a4457c28a
                                                                                                                                                                                    • Instruction ID: 30eb9e63b81011e01b2f44fc9d2cfc383a8f07e5bfb073f7338f79ea02e47240
                                                                                                                                                                                    • Opcode Fuzzy Hash: cc233273bfa1c65513c7e67a78c24352da40431d14dba0be8c4d666a4457c28a
                                                                                                                                                                                    • Instruction Fuzzy Hash: EBF0A275B1850686EA94DB00DCC26F56322EF52704FE4883ED28D965A5DF3DF5C6C740
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmove
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1326169664-0
                                                                                                                                                                                    • Opcode ID: eab38580ea290c77ceb2d98c0e29cea7fa803fa9bac279bfc6bf22addd717eee
                                                                                                                                                                                    • Instruction ID: ae9fdc87c0e2ed129c268ab0eeffede1e9af2abe3c8c1db9c99593afde4e787a
                                                                                                                                                                                    • Opcode Fuzzy Hash: eab38580ea290c77ceb2d98c0e29cea7fa803fa9bac279bfc6bf22addd717eee
                                                                                                                                                                                    • Instruction Fuzzy Hash: 62D18233B04B4585EB14DFA5D9846AC63B1FB4AB88F80913ADE8D27B59DF38E485C340
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmove
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1326169664-0
APIs
Memory Dump Source
• Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
Similarity
• API ID: fgetwc
• String ID:
• API String ID: 2948136663-0
APIs
Memory Dump Source
• Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
Similarity
• API ID: memcpymemset$_invalid_parameter_noinfo_noreturnmalloc
• String ID:
• API String ID: 3375828981-0
APIs
Memory Dump Source
• Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
• Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
Similarity
• API ID: NameName::$Name::operator+
• String ID:
• API String ID: 826178784-0
APIs
Memory Dump Source
• Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
Similarity
• API ID: ConditionSleepVariablesys_get_time$abort
• String ID:
• API String ID: 312482523-0
APIs
Memory Dump Source
• Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
Similarity
• API ID: ErrorFileHandleLast$CloseCreateInformation
• String ID:
• API String ID: 1345328482-0
APIs
Memory Dump Source
• Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
• Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
Similarity
• API ID: __acrt_iob_func$abortfputcfputs
• String ID:
• API String ID: 2697642930-0
APIs
  • Part of subcall function 00007FFA533C6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFA533C29EE), ref: 00007FFA533C6E56
• abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA533C488B
Strings
Memory Dump Source
• Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
• Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
Similarity
• API ID: abort
• String ID: $csm$csm
• API String ID: 4206212132-1512788406
                                                                                                                                                                                    • Opcode ID: bbeebd1b8dc6bb018cbb3e2007e3860d9f81b2d26c669440cff39126283f8657
                                                                                                                                                                                    • Instruction ID: c148e32db2fa364d24ac19d7c6caf005dd68722b879da5debcac399498cfbf62
                                                                                                                                                                                    • Opcode Fuzzy Hash: bbeebd1b8dc6bb018cbb3e2007e3860d9f81b2d26c669440cff39126283f8657
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5671B432918B9586D7228F25D04037DBBA2FF82BA9F08C135DE8C2768ACF2CD461D740
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA533C6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFA533C29EE), ref: 00007FFA533C6E56
                                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA533C45DB
                                                                                                                                                                                    • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFA533C45EB
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                    • API String ID: 4108983575-3733052814
                                                                                                                                                                                    • Opcode ID: 73f04ae2f99dd10f8d311029635b97aaf7a618db7278283a49f5dcc94daca835
                                                                                                                                                                                    • Instruction ID: 0b07817eeb08ef0f2c0e5e35c490eece0bc4ba94c1d4914dc9ce0dcc41004bc9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 73f04ae2f99dd10f8d311029635b97aaf7a618db7278283a49f5dcc94daca835
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1151A372928B4686EB658B1195442687792FF82BA8F1CC135DA4C67BDBCF3CE471DB00
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFA2E8E7992), ref: 00007FFA2E8E857C
                                                                                                                                                                                    • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFA2E8E7992), ref: 00007FFA2E8E85D8
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: isspaceisxdigit
                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                    • API String ID: 2593999819-3887548279
                                                                                                                                                                                    • Opcode ID: fc7c23a7c039567d67a04b920b16e867f2505d07ebadceb99d7f16e0dd909cea
                                                                                                                                                                                    • Instruction ID: d3c9eda8b6a9ae293ec00e2b666056fcfdbba4357a505084fc6a2950794c4b7b
                                                                                                                                                                                    • Opcode Fuzzy Hash: fc7c23a7c039567d67a04b920b16e867f2505d07ebadceb99d7f16e0dd909cea
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9041C632B0C68245FB644F7068982BE6B91AB17B80F0DD4B5DBDD17295CE3EF8868710
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFA2E8E9A82), ref: 00007FFA2E8EA475
                                                                                                                                                                                    • iswxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFA2E8E9A82), ref: 00007FFA2E8EA4E0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: iswspaceiswxdigit
                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                    • API String ID: 1229460652-3887548279
                                                                                                                                                                                    • Opcode ID: deebbfd38f7587fa7528bdad45480f99d0ec9165af0fa8f62bcc5bd453822d63
                                                                                                                                                                                    • Instruction ID: ef348f3bb336820120fa97a27c86730ab3d880e4b35797e3c94c8aea5e7a2550
                                                                                                                                                                                    • Opcode Fuzzy Hash: deebbfd38f7587fa7528bdad45480f99d0ec9165af0fa8f62bcc5bd453822d63
                                                                                                                                                                                    • Instruction Fuzzy Hash: FE417376B0425385FF645FA1989517A76A1EB11F84B4CC0BAFACD67184EF3CF8C19210
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1721927214.00007FFA533B1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFA533B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1721853691.00007FFA533B0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722216147.00007FFA533B8000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722281412.00007FFA533B9000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abort$CreateFrameInfo__except_validate_context_record
                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                    • API String ID: 444109036-1018135373
                                                                                                                                                                                    • Opcode ID: 1e96529f35874369624db110d262335690731295dc4eb4a79234829db8fb8cf6
                                                                                                                                                                                    • Instruction ID: c10eda88465fb3a1c0fe7d1eb1acbf2b60bfb112dac0d9aa8dc5fe786db30e4b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e96529f35874369624db110d262335690731295dc4eb4a79234829db8fb8cf6
                                                                                                                                                                                    • Instruction Fuzzy Hash: 47519F72A28B8182D620DB15E45126E77B5FBCABB0F088235EB8D57B55CF3CE461CB00
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Exception$RaiseThrowabort
                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                    • API String ID: 3758033050-1018135373
                                                                                                                                                                                    • Opcode ID: 261c4afda17c09415e2c6af5b9966bee539a50c597a23ed9b9d364709685dc8f
                                                                                                                                                                                    • Instruction ID: d1dad3e6b560e2743880223a99ead38cdb1dc74803af5af992da5c3452046c68
                                                                                                                                                                                    • Opcode Fuzzy Hash: 261c4afda17c09415e2c6af5b9966bee539a50c597a23ed9b9d364709685dc8f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 34518132A04B8986DB20CF28C8902E87360FB5AB58F15D32ADA9D57756DF39E5D5C300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFA2E8BF0C4
                                                                                                                                                                                    • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFA2E8BF0D6
                                                                                                                                                                                    • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFA2E8BF15B
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F12
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F38
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: memcpy.VCRUNTIME140(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F50
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: setlocale$freemallocmemcpy
                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                    • API String ID: 1663771476-1405518554
                                                                                                                                                                                    • Opcode ID: 08a6f5c57b1be5a9add0e273861760b4f39e67018b9fa34bd3ca70ab27e09527
                                                                                                                                                                                    • Instruction ID: c764d74f6231728a3f1248c5853138cec65a2fd6e66b09d8ee82adebb7ff1628
                                                                                                                                                                                    • Opcode Fuzzy Hash: 08a6f5c57b1be5a9add0e273861760b4f39e67018b9fa34bd3ca70ab27e09527
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B318331F0868281FB658B56DC8417DA7A2AF56BD0F58C03EDA8D97695DE6CF4C28300
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9920
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9928
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9931
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E994D
                                                                                                                                                                                    • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFA2E8CE108), ref: 00007FFA2E8D1DB6
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8BBCDC: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8DFFF6,?,?,?,?,?,?,?,?,00000000,00007FFA2E8E113E), ref: 00007FFA2E8BBD07
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8BBCDC: memcpy.VCRUNTIME140(?,?,00000000,00007FFA2E8DFFF6,?,?,?,?,?,?,?,?,00000000,00007FFA2E8E113E), ref: 00007FFA2E8BBD23
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8C6C8C: _Maklocstr.LIBCPMT ref: 00007FFA2E8C6CBC
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8C6C8C: _Maklocstr.LIBCPMT ref: 00007FFA2E8C6CDB
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8C6C8C: _Maklocstr.LIBCPMT ref: 00007FFA2E8C6CFA
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Maklocstr$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemcpy
                                                                                                                                                                                    • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                    • API String ID: 2904694926-3573081731
                                                                                                                                                                                    • Opcode ID: 2cd607073df7080e69ea9131073b45ad881556beb21ddbc1d653f5db8213cc63
                                                                                                                                                                                    • Instruction ID: 95cffb52484d65bad6309ff08e156c11d8fe24ad6b0ef058370269f4b82bfbf7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cd607073df7080e69ea9131073b45ad881556beb21ddbc1d653f5db8213cc63
                                                                                                                                                                                    • Instruction Fuzzy Hash: 34419F72A08B818BE724CB25D99037D7BE4FB5AB81F048229D78D93A41DF78F4A5C700
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9920
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9928
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9931
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E994D
                                                                                                                                                                                    • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFA2E8E0F78), ref: 00007FFA2E8E2AF6
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8BBCDC: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8DFFF6,?,?,?,?,?,?,?,?,00000000,00007FFA2E8E113E), ref: 00007FFA2E8BBD07
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8BBCDC: memcpy.VCRUNTIME140(?,?,00000000,00007FFA2E8DFFF6,?,?,?,?,?,?,?,?,00000000,00007FFA2E8E113E), ref: 00007FFA2E8BBD23
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemcpy
                                                                                                                                                                                    • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                    • API String ID: 3376215315-3573081731
                                                                                                                                                                                    • Opcode ID: eb719774cfb62a90454d1891f9ce1a371d1c892a1e2510fd0456a6b8d0b369e9
                                                                                                                                                                                    • Instruction ID: 3648ffaeb292c1b5c0a5e693e6c203bf0fdfaac686f5bbcd7d785133edcd7c6d
                                                                                                                                                                                    • Opcode Fuzzy Hash: eb719774cfb62a90454d1891f9ce1a371d1c892a1e2510fd0456a6b8d0b369e9
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8941CE72A08B858BE724CF21C99036D7BA4FB96B81F098269D78D53E01DF78F0A1C700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NameName::
                                                                                                                                                                                    • String ID: %lf
                                                                                                                                                                                    • API String ID: 1333004437-2891890143
                                                                                                                                                                                    • Opcode ID: 659bed4bb908e209d6e638fb5e771b3dbb5b7a5e94ab5cc6538d6df8f816cc28
                                                                                                                                                                                    • Instruction ID: beb39fa8f90595c978674c9e182269db365262cdabf1bbf0ffd335e8c0f0ad45
                                                                                                                                                                                    • Opcode Fuzzy Hash: 659bed4bb908e209d6e638fb5e771b3dbb5b7a5e94ab5cc6538d6df8f816cc28
                                                                                                                                                                                    • Instruction Fuzzy Hash: F331B861A28F8A85E611DB12A8501FA7362BFD7BE0F4CC231E98E67756DE2CE501D340
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileFindNext$wcscpy_s
                                                                                                                                                                                    • String ID: .
                                                                                                                                                                                    • API String ID: 544952861-248832578
                                                                                                                                                                                    • Opcode ID: 8a3af598216dff21e458494619afe40eb37faadcb3b93049594c641d4f78051c
                                                                                                                                                                                    • Instruction ID: f3f7461980f9a6ee213123dcdbc8eca751c0b6be90a7c8136ba0473b9e6e2a06
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a3af598216dff21e458494619afe40eb37faadcb3b93049594c641d4f78051c
                                                                                                                                                                                    • Instruction Fuzzy Hash: E8219576B0C64181EF709F95EC843BA63A0EB46750F84C139DA8D92684DF3CE5C98B00
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                                                                                                    • String ID: ios_base::badbit set
                                                                                                                                                                                    • API String ID: 1099746521-3882152299
                                                                                                                                                                                    • Opcode ID: 018ee0c90b73427b9024bd816620f1867f50948ceef7cf10cb4f2d2fa00001b7
                                                                                                                                                                                    • Instruction ID: 174f2457903fbd873ff7fbf5f34efcd333894f7f07c82b8be7d8f3ffe3c4757a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 018ee0c90b73427b9024bd816620f1867f50948ceef7cf10cb4f2d2fa00001b7
                                                                                                                                                                                    • Instruction Fuzzy Hash: C7014231B2860681F6689724DCC16B81313AF82340F68C43ED58DA29A6DE3EF5C69240
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA533C6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFA533C29EE), ref: 00007FFA533C6E56
                                                                                                                                                                                    • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA533C2A8E
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abortterminate
                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                    • API String ID: 661698970-2671469338
                                                                                                                                                                                    • Opcode ID: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                                                                                                                                    • Instruction ID: a43c810a06b6294844c101d7735b0b6a40ddb891e87c806e61f020873ff3b756
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 25F01936928B4A86EB646B61E28106D3665EF89B60F1D9031D74C67262CF3CD4909B01
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA533B3524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFA533B1222), ref: 00007FFA533B3564
                                                                                                                                                                                    • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA533B12A6
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1721927214.00007FFA533B1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFA533B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1721853691.00007FFA533B0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722216147.00007FFA533B8000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722281412.00007FFA533B9000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abortterminate
                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                    • API String ID: 661698970-2671469338
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1711108183.000001F6D1101000.00000020.00000001.01000000.00000016.sdmp, Offset: 000001F6D1100000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1711075880.000001F6D1100000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1711237531.000001F6D110A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1711424326.000001F6D1119000.00000008.00000001.01000000.00000016.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1711457089.000001F6D111A000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_1f6d1100000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                    • API String ID: 2542180945-1018135373
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2943138195-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2079887105-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2079887105-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2079887105-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2079887105-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2079887105-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _dclass_invalid_parameter_noinfo_noreturnfrexpmemsetswprintf_s
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2079887105-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1775671525-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Xp_movx$Xp_setw_errnoldexpmemcpy
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2233944734-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcislower
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2234106055-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcisupper
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3857474680-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3863519203-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,00000000,?,?,?,00007FFA2E8DCFD4), ref: 00007FFA2E8E9827
                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,00000000,?,?,?,00007FFA2E8DCFD4), ref: 00007FFA2E8E984B
                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00007FFA2E8DCFD4), ref: 00007FFA2E8E9858
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00007FFA2E8DCFD4), ref: 00007FFA2E8E98CB
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B2E70: wcsnlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFA2E8B2E9A
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B2E70: LCMapStringEx.KERNEL32 ref: 00007FFA2E8B2EDE
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: String___lc_locale_name_funcfreemallocmemcpywcsnlen
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2888714520-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,00007FFA2E8E3DBB), ref: 00007FFA2E8E8E74
                                                                                                                                                                                    • ___lc_collate_cp_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,00007FFA2E8E3DBB), ref: 00007FFA2E8E8E7E
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B2740: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFA2E8B2786
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B2740: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFA2E8B27AB
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B2740: GetCPInfo.KERNEL32 ref: 00007FFA2E8B27EB
                                                                                                                                                                                    • memcmp.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFA2E8E3DBB), ref: 00007FFA2E8E8EA1
                                                                                                                                                                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,00007FFA2E8E3DBB), ref: 00007FFA2E8E8EDF
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: __strncnt$Info___lc_collate_cp_func___lc_locale_name_func_errnomemcmp
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3421985146-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9920
                                                                                                                                                                                    • ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9928
                                                                                                                                                                                    • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9931
                                                                                                                                                                                    • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E994D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3203701943-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: malloc
                                                                                                                                                                                    • String ID: MOC$RCC$csm
                                                                                                                                                                                    • API String ID: 2803490479-2671469338
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1721927214.00007FFA533B1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFA533B0000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentImageNonwritableUnwind
                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                    • API String ID: 451473138-1018135373
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abort$CreateFrameInfo
                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                    • API String ID: 2697087660-1018135373
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: swprintf_s
                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                    • API String ID: 3896565401-2626897407
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: swprintf_s
                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                    • API String ID: 3896565401-2626897407
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: swprintf_s
                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                    • API String ID: 3896565401-2626897407
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: swprintf_s
                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                    • API String ID: 3896565401-2626897407
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: swprintf_s
                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                    • API String ID: 3896565401-2626897407
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: swprintf_s
                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                    • API String ID: 3896565401-2626897407
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: swprintf_s
                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                    • API String ID: 3896565401-2626897407
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: swprintf_s
                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                    • API String ID: 3896565401-2626897407
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: swprintf_s
                                                                                                                                                                                    • String ID: %$+
                                                                                                                                                                                    • API String ID: 3896565401-2626897407
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Name::operator+
                                                                                                                                                                                    • String ID: void$void
                                                                                                                                                                                    • API String ID: 2943138195-3746155364
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFA2E8BE864), ref: 00007FFA2E8BE9A4
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9920
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9928
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E9931
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8E9900: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFA2E8B61A3), ref: 00007FFA2E8E994D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                                                                                                                                                    • String ID: false$true
                                                                                                                                                                                    • API String ID: 2502581279-2658103896
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileHeader$ExceptionRaise
                                                                                                                                                                                    • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                                                                                                                                    • API String ID: 3685223789-3176238549
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                    • Opcode ID: 96783e5d5ee86e7ed91570add2de904558e3ade983638e121ecc73efc59d9239
                                                                                                                                                                                    • Instruction ID: d70474274e0e052abec7ba05502e46ee1bebbd9f2aa48fc416c15a4db4365b19
                                                                                                                                                                                    • Opcode Fuzzy Hash: 96783e5d5ee86e7ed91570add2de904558e3ade983638e121ecc73efc59d9239
                                                                                                                                                                                    • Instruction Fuzzy Hash: CD112E32618F4582EB618B15F440269B7E5FB89BA4F5C8230DE8D17759DF3DD5518700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1721927214.00007FFA533B1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFA533B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1721853691.00007FFA533B0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722216147.00007FFA533B8000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722281412.00007FFA533B9000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                    • Opcode ID: 603fe3ad4fecd5e6127da2d279c75e658a97bcbc96e57b625571bb65e3e10dd9
                                                                                                                                                                                    • Instruction ID: 2658697355ab9f81a6a5df3e6eea3e7232b43f779bc9aacd4c9f1bc1b5a83c64
                                                                                                                                                                                    • Opcode Fuzzy Hash: 603fe3ad4fecd5e6127da2d279c75e658a97bcbc96e57b625571bb65e3e10dd9
                                                                                                                                                                                    • Instruction Fuzzy Hash: 04111932629F8182EB618F15E45026977E6FB89BA4F588234DECC1B758DF3CD5518B00
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00007FFA533C6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFA533C29EE), ref: 00007FFA533C6E56
                                                                                                                                                                                    • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFA533CF48A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: abortterminate
                                                                                                                                                                                    • String ID: csm$f
                                                                                                                                                                                    • API String ID: 661698970-629598281
                                                                                                                                                                                    • Opcode ID: 89070a3729e3cdc045543aa2d9e9ff952cd9e076b18af429ec74a74252da6a16
                                                                                                                                                                                    • Instruction ID: 9cd6dbbbfbee824711a3ca70760e6143ab2cda047538e78472cd41d869ac92ba
                                                                                                                                                                                    • Opcode Fuzzy Hash: 89070a3729e3cdc045543aa2d9e9ff952cd9e076b18af429ec74a74252da6a16
                                                                                                                                                                                    • Instruction Fuzzy Hash: F3E03022A2CB5A81E6206B71A18017D27A6AFCBB74F1DC075DA8C16657CE38D9A09711
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFA2E8B6B5D
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4F70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8C6FAD,?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8B4F99
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4F70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8C6FAD,?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8B4FC8
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4F70: memcpy.VCRUNTIME140(?,?,00000000,00007FFA2E8C6FAD,?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8B4FDF
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFA2E8B6B7A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFA2E8B6B85
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free$Getmonthsmallocmemcpy
                                                                                                                                                                                    • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece
                                                                                                                                                                                    • API String ID: 1628830074-2030377133
                                                                                                                                                                                    • Opcode ID: 58903103ffa2ea38267c1cb8d3ed3a07be80c6a0489380fa06a448974bfd1a2a
                                                                                                                                                                                    • Instruction ID: bef9d48d6d7fd6472b3af7a9340e38a08f885c3d2abc4f503d227acaae655a15
                                                                                                                                                                                    • Opcode Fuzzy Hash: 58903103ffa2ea38267c1cb8d3ed3a07be80c6a0489380fa06a448974bfd1a2a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2CE06D31709A0199EB509B61E8C4369A365EF05BD4F84903ADA0E16759DF3CD8C4C380
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFA2E8B6B0D
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4F70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8C6FAD,?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8B4F99
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4F70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFA2E8C6FAD,?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8B4FC8
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4F70: memcpy.VCRUNTIME140(?,?,00000000,00007FFA2E8C6FAD,?,?,?,?,?,?,?,?,?,00007FFA2E8CE9FE), ref: 00007FFA2E8B4FDF
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFA2E8B6B2A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFA2E8B6B35
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free$Getdaysmallocmemcpy
                                                                                                                                                                                    • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                    • API String ID: 1347072587-3283725177
                                                                                                                                                                                    • Opcode ID: 491e972c8bff342c0b3e2341061dfc53bffd4ec5bd76dda20caadaa026c5660d
                                                                                                                                                                                    • Instruction ID: e00a659caa6dbcb872f42ddd50846c181f111f3788faa218f94f474254f35938
                                                                                                                                                                                    • Opcode Fuzzy Hash: 491e972c8bff342c0b3e2341061dfc53bffd4ec5bd76dda20caadaa026c5660d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FE06D76708A0285EB209F51E8C4379A371EF09B94F949139DA0D46768DF3CD8C4C740
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFA2E8B644D
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F12
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F38
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: memcpy.VCRUNTIME140(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F50
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFA2E8B646A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFA2E8B6475
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                     • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                     • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free$Getmonthsmallocmemcpy
                                                                                                                                                                                    • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
                                                                                                                                                                                    • API String ID: 1628830074-4232081075
                                                                                                                                                                                    • Opcode ID: a3d7b746740ef89b1ebcb4e51b32cfe808f69842bcf79fc42b6d339746554cb9
                                                                                                                                                                                    • Instruction ID: ec677d18bbe94912313666ff07846449319f83f3e63612b51f732959b0918e25
                                                                                                                                                                                    • Opcode Fuzzy Hash: a3d7b746740ef89b1ebcb4e51b32cfe808f69842bcf79fc42b6d339746554cb9
                                                                                                                                                                                    • Instruction Fuzzy Hash: 45E06D32B09A4181EB149F61E9C5379A361EF19B94F848039DA4D46B69DF3CE8D5C380
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFA2E8B63DD
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F12
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F38
                                                                                                                                                                                      • Part of subcall function 00007FFA2E8B4EF0: memcpy.VCRUNTIME140(?,?,?,00007FFA2E8C17E4,?,?,?,00007FFA2E8B454B,?,?,?,00007FFA2E8B5C41), ref: 00007FFA2E8B4F50
                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFA2E8B63FA
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFA2E8B6405
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free$Getdaysmallocmemcpy
                                                                                                                                                                                    • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                    • API String ID: 1347072587-3283725177
                                                                                                                                                                                    • Opcode ID: c15b05420722401e6fd35f1a9a4c3c3fac8c1189437b617335133950bed26ea2
                                                                                                                                                                                    • Instruction ID: 61389adaa09840402e2bdc010f69de2a3c4f26fbe4daa70c28af0ed13b2579e2
                                                                                                                                                                                    • Opcode Fuzzy Hash: c15b05420722401e6fd35f1a9a4c3c3fac8c1189437b617335133950bed26ea2
                                                                                                                                                                                    • Instruction Fuzzy Hash: B6E06D31708B8185EB109B51E9C4369A361EF05F94F88C039DA4D4AB59EF3CE8C4C350
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FFA533C6CE9,?,?,?,?,00007FFA533D05B2,?,?,?,?,?), ref: 00007FFA533C6E83
                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FFA533C6CE9,?,?,?,?,00007FFA533D05B2,?,?,?,?,?), ref: 00007FFA533C6F0C
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1722402753.00007FFA533C1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFA533C0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1722337500.00007FFA533C0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722615631.00007FFA533D3000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722687070.00007FFA533D8000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722727041.00007FFA533D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533c0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                                    • Opcode ID: 29fbcb28d85caf8942357daff49778de6b87ab13b42ab574bfe6367f35ca65f9
                                                                                                                                                                                    • Instruction ID: e149cc964018c22f7cca60394ab27d78f6a1cd06ab999098b543015b63b13d39
                                                                                                                                                                                    • Opcode Fuzzy Hash: 29fbcb28d85caf8942357daff49778de6b87ab13b42ab574bfe6367f35ca65f9
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D116020E29F4782FA119765A8001742693AFCA7F0F0CCA34DD2E277D6DE2CF8419700
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FFA533B3325,?,?,?,?,00007FFA533B41CA,?,?,?,?,?), ref: 00007FFA533B3483
                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FFA533B3325,?,?,?,?,00007FFA533B41CA,?,?,?,?,?), ref: 00007FFA533B350B
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1721927214.00007FFA533B1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFA533B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1721853691.00007FFA533B0000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722072024.00007FFA533B5000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722216147.00007FFA533B8000.00000004.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1722281412.00007FFA533B9000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa533b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                                    • Opcode ID: 868a6d6a1edc03e792c9974cc9c9f69a97d5c8a62993b42da19d3e438dcd092c
                                                                                                                                                                                    • Instruction ID: f9db255dc1362b807eaaf5e5f547ea33dfc712b3f017238edd02ac894737ab62
                                                                                                                                                                                    • Opcode Fuzzy Hash: 868a6d6a1edc03e792c9974cc9c9f69a97d5c8a62993b42da19d3e438dcd092c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E113020E29F5692FA5697A5A8301792693AFCA7B0F1CC635D92E673D4DE3CF4418600
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                    • Opcode ID: 232d6a95f21198eac45a7db5673a4c35294f27fe46f5697967a766f55e7756fc
                                                                                                                                                                                    • Instruction ID: 6c2731f09bfabe632cad110e35d6c8257044b94e624ec8cb5f47c208b8de6db6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 232d6a95f21198eac45a7db5673a4c35294f27fe46f5697967a766f55e7756fc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 74F0193A718B029ADB54AB56E9D4168B320FF89B90B808036CA4D53F60DF6DE4E58300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                    • Opcode ID: 17e99220f8967c12a32b4232ba5c95c8a342f86e10a6801ad5c103a484bf211d
                                                                                                                                                                                    • Instruction ID: 67dec73bcf30491d3d52ff977cdec9c7ca8b4841cbf9fe86c3b3ca6fb36313ce
                                                                                                                                                                                    • Opcode Fuzzy Hash: 17e99220f8967c12a32b4232ba5c95c8a342f86e10a6801ad5c103a484bf211d
                                                                                                                                                                                    • Instruction Fuzzy Hash: A6F0193A718B029ADB14AB56EAD4168B320FF89B90F808036CA4D53F61DF2DE4E58300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                    • Opcode ID: 3328a908bbbcdaedd706fd94bdc45f6dfb402d07c88e9721b686c43f08177589
                                                                                                                                                                                    • Instruction ID: 76d973e37f1521db00d850fa83dbbf6eb44b96f0c4cedaf1bcd7e86581e9eede
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3328a908bbbcdaedd706fd94bdc45f6dfb402d07c88e9721b686c43f08177589
                                                                                                                                                                                    • Instruction Fuzzy Hash: C2F01939718B02DADB14AB56E9D4168B320FF89B90B948036CE4D53B71DF6DE4E58300
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000012.00000002.1719517024.00007FFA2E8B1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFA2E8B0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000012.00000002.1719483718.00007FFA2E8B0000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1720476962.00007FFA2E905000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721650502.00007FFA2E933000.00000004.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    • Associated: 00000012.00000002.1721758727.00007FFA2E937000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_18_2_7ffa2e8b0000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                    • Opcode ID: 5b36adbf8a5d9ce7058db387187efa5dd8d77d4407507034b1847c1e99744d1d
                                                                                                                                                                                    • Instruction ID: a4cdebec2584a34bc2486354223b7ecf91f77b56a0bd031deeb968ddad6beaf8
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b36adbf8a5d9ce7058db387187efa5dd8d77d4407507034b1847c1e99744d1d
                                                                                                                                                                                    • Instruction Fuzzy Hash: D7E09A76B14A01DAEB24AF61DC94028B330EF89F59B585036CE0E56664CF69D4D58300

                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                    Execution Coverage:12.6%
                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                    Total number of Nodes:3
                                                                                                                                                                                    Total number of Limit Nodes:0
                                                                                                                                                                                    execution_graph 5973 7ff9cd288b94 5974 7ff9cd288b9d LoadLibraryExW 5973->5974 5976 7ff9cd288c4d 5974->5976

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 792 7ff9cd288b94-7ff9cd288b9b 793 7ff9cd288ba6-7ff9cd288c0f 792->793 794 7ff9cd288b9d-7ff9cd288ba5 792->794 797 7ff9cd288c11-7ff9cd288c16 793->797 798 7ff9cd288c19-7ff9cd288c4b LoadLibraryExW 793->798 794->793 797->798 799 7ff9cd288c53-7ff9cd288c7a 798->799 800 7ff9cd288c4d 798->800 800->799
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001C.00000002.1978875629.00007FF9CD280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD280000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_28_2_7ff9cd280000_ZipThisApp.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                    • Opcode ID: 1d030fe8a482b00770306397de9a72d3d5233a53c8c46a467c338db95ff1fc7f
                                                                                                                                                                                    • Instruction ID: 4ae3fd873891d3bf82696fada108edd60ebfe7bc4770a9fd11b717d852fdd42f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d030fe8a482b00770306397de9a72d3d5233a53c8c46a467c338db95ff1fc7f
                                                                                                                                                                                    • Instruction Fuzzy Hash: BC31D37190CA4D8FDB59DF689849BE9BBF0FF66320F04822BD049D3251DB74A815CB91
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001C.00000002.1977976368.00007FF9CD16D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD16D000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_28_2_7ff9cd16d000_ZipThisApp.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: `{k+
                                                                                                                                                                                    • API String ID: 0-1752425602
                                                                                                                                                                                    • Opcode ID: 6d7f96579e98aa0e1d52aa1f189e210da7e5c160f4d59196fd8835d3154b828d
                                                                                                                                                                                    • Instruction ID: 9075c63bfe561cdc7dcd13b582c12dc1b02ae3b3d918bf1d80b331548afde939
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d7f96579e98aa0e1d52aa1f189e210da7e5c160f4d59196fd8835d3154b828d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D51397050CB868FE769DF2C88459623FF0EF56710B1446AFD088CB1A3E665F806CB42
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001C.00000002.1977976368.00007FF9CD16D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD16D000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_28_2_7ff9cd16d000_ZipThisApp.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: a609ea67170fee028e58db138cf6d2749a709cad6afc822efe2920759cfda895
                                                                                                                                                                                    • Instruction ID: 971fed7a5d492e191e458138f75952b153db813bd99ad12ebdcb4022ff702937
                                                                                                                                                                                    • Opcode Fuzzy Hash: a609ea67170fee028e58db138cf6d2749a709cad6afc822efe2920759cfda895
                                                                                                                                                                                    • Instruction Fuzzy Hash: 83312B6090DBC68FE76ACF288855A223FF1EF56710B1542EFD088CB1A3D559F806CB52
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: ab64c15de5e3fc6e1940ded9888b98bd69e40766ba4aad6dc93abbe92726fbd3
                                                                                                                                                                                    • Instruction ID: 1a747c261807cdfe35ef27ad0ef916ef1147d7c5f5115889acf697597632e3c5
                                                                                                                                                                                    • Opcode Fuzzy Hash: ab64c15de5e3fc6e1940ded9888b98bd69e40766ba4aad6dc93abbe92726fbd3
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B915831E1CA8B5BD759DE1C88936B57BD1EF95301B14417BD46AC31C6F969B8028B80
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: SO*$7O_H
                                                                                                                                                                                    • API String ID: 0-3430566640
                                                                                                                                                                                    • Opcode ID: 265e17a86ec42268a194deea19b4a172389e72c85726029c7cd80c53afc6291e
                                                                                                                                                                                    • Instruction ID: 77d9a6ed87c261b9ccb448de611df79adf860ef2d7c42916a6506b2c7aeb44f9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 265e17a86ec42268a194deea19b4a172389e72c85726029c7cd80c53afc6291e
                                                                                                                                                                                    • Instruction Fuzzy Hash: FC915670A1DB865FE356DB7848532B9BBE1EF86320F1441BED08AC7193E96C6C478B41
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: 0M,+$EO^
                                                                                                                                                                                    • API String ID: 0-156607189
                                                                                                                                                                                    • Opcode ID: ebd9039d91edc75822f7f06675cddbde918d1edec2d691d03623b0677b37dbd6
                                                                                                                                                                                    • Instruction ID: 62a18bb26c1b4a77f8c35fc1bb6c06a7a86b1cefe7b1cd91d9d0a85e631d04bd
                                                                                                                                                                                    • Opcode Fuzzy Hash: ebd9039d91edc75822f7f06675cddbde918d1edec2d691d03623b0677b37dbd6
                                                                                                                                                                                    • Instruction Fuzzy Hash: 52410471A0C7888FEB54DB6C5C457F97FE1EF55310F0840BBD048C7197E960A8058B81
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: iY_H
                                                                                                                                                                                    • API String ID: 0-1092876947
                                                                                                                                                                                    • Opcode ID: f547119f6eaa5dd05442e171281f126d6257c310ce01447d06f331d5bcbb4e7b
                                                                                                                                                                                    • Instruction ID: 0ce5a4fbdb6573ba8f0edb0d2c6eb552b617b05d210113af49499dfc63defab9
                                                                                                                                                                                    • Opcode Fuzzy Hash: f547119f6eaa5dd05442e171281f126d6257c310ce01447d06f331d5bcbb4e7b
                                                                                                                                                                                    • Instruction Fuzzy Hash: CC021662B0DB864FE755DB3CA8566B47BD1EF8A320B0440BBD059CB193F958B8068792
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: \O_^
                                                                                                                                                                                    • API String ID: 0-1789499539
                                                                                                                                                                                    • Opcode ID: e3e742a54a8944defe8f3eb1fca5d839dd34346f31636553db3bf33b00b0632d
                                                                                                                                                                                    • Instruction ID: 9f89d93701b2fa8518a104f22aa986fdeec3c053ccdc6878e0174a8fe07d6e34
                                                                                                                                                                                    • Opcode Fuzzy Hash: e3e742a54a8944defe8f3eb1fca5d839dd34346f31636553db3bf33b00b0632d
                                                                                                                                                                                    • Instruction Fuzzy Hash: CB91FB62A0D7974FE352EB3898556F47BE0EF47320B0440FBD098CB1E3FA58A8458751
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: UO_^
                                                                                                                                                                                    • API String ID: 0-396482329
                                                                                                                                                                                    • Opcode ID: 551d01728d7e8de502c1f06201cdec08fbea77a2eae3cf96f20fea8cc5381dc4
                                                                                                                                                                                    • Instruction ID: 961c1ce10657276f4f4624a4ed557a1a2c9fb97dfdbb5b39c54ac401b9205d2c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 551d01728d7e8de502c1f06201cdec08fbea77a2eae3cf96f20fea8cc5381dc4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7061B436B086964FD701FF28EC81AE937B0EF86335B4084B7E598DB097D924A846C791
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: UO_^
                                                                                                                                                                                    • API String ID: 0-396482329
                                                                                                                                                                                    • Opcode ID: b52db521b5d9a760a3bc6c0e4dea59d6a9cbdddb97e8ce199fd3f29b6a3cc689
                                                                                                                                                                                    • Instruction ID: e77ff231593e60a4b2492ed8d1fce6b7adfbb0adc9aa23376b51949544a8d73b
                                                                                                                                                                                    • Opcode Fuzzy Hash: b52db521b5d9a760a3bc6c0e4dea59d6a9cbdddb97e8ce199fd3f29b6a3cc689
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2451D43AB0865A5BD700FF2CEC81AE937A0EFC6335B408477E55CDB096DD64A846CB90
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .P_^
                                                                                                                                                                                    • API String ID: 0-3169129673
                                                                                                                                                                                    • Opcode ID: d6e5e9f15691246ba5b58afffcf81edd858971c06037ea41dca29091ba3f391a
                                                                                                                                                                                    • Instruction ID: dddc9b3baa7d78dd1af44eb91f9bb8a7c019e144c40fa648528feb0c0e8bf57c
                                                                                                                                                                                    • Opcode Fuzzy Hash: d6e5e9f15691246ba5b58afffcf81edd858971c06037ea41dca29091ba3f391a
                                                                                                                                                                                    • Instruction Fuzzy Hash: F8313763B4C3272AE210FABD7C45AFA7758DFC1371B049177F568D5042F84428869AE1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .P_^
                                                                                                                                                                                    • API String ID: 0-3169129673
                                                                                                                                                                                    • Opcode ID: d2fe3f3780484de4605882ab7797bceb5f068fa7cb71e94ac9284691432fc772
                                                                                                                                                                                    • Instruction ID: 6763fb9e926766fa45a98ff5d5defe83ac2a9c8c231b42cffed8feef23333d4f
                                                                                                                                                                                    • Opcode Fuzzy Hash: d2fe3f3780484de4605882ab7797bceb5f068fa7cb71e94ac9284691432fc772
                                                                                                                                                                                    • Instruction Fuzzy Hash: FC31F363B4C7272AE210FBBD7C45AF96758DF82371B049077F968D9042FC4428869BA1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .P_^
                                                                                                                                                                                    • API String ID: 0-3169129673
                                                                                                                                                                                    • Opcode ID: c7f89a6afb7dcf1d1dbb8a9dfdfa9a21a420af5730efb615be655bdbb874d39d
                                                                                                                                                                                    • Instruction ID: 10dc32b60bfa53a2b8d652e754f8ac53943922c6f60bf1ab55ec8252326f417d
                                                                                                                                                                                    • Opcode Fuzzy Hash: c7f89a6afb7dcf1d1dbb8a9dfdfa9a21a420af5730efb615be655bdbb874d39d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D213757F4C62319E610EAAD3C06BF56B48CF91772B049177F5ACD5082FC48388647E1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .P_^
                                                                                                                                                                                    • API String ID: 0-3169129673
                                                                                                                                                                                    • Opcode ID: 4918cf0b19382e1706cc027d28530ab5800117fddf3d06032d16018103d5d7a5
                                                                                                                                                                                    • Instruction ID: ea028ef424f271a3d787af563013519fe264cc07d9ea071f364a55ae06dca804
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4918cf0b19382e1706cc027d28530ab5800117fddf3d06032d16018103d5d7a5
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D113853F4C61309E651EAAC3801BF47784DF55731F086177E56CE5082FC8838864BA1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .P_^
                                                                                                                                                                                    • API String ID: 0-3169129673
                                                                                                                                                                                    • Opcode ID: 0c04be2985530aa061a1f6efa7b40fb38ea38b1eed419e0922150d64c7cc3969
                                                                                                                                                                                    • Instruction ID: c450b8186b52909b867b5d5d1a9091eb73923de9f0dfbaa58ce92924440edd51
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c04be2985530aa061a1f6efa7b40fb38ea38b1eed419e0922150d64c7cc3969
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7FB0924290EFC10EE3439A2858292102E612F9721030980EBC088CA0ABB8486C048662
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 531784ec544b896d8bedab6fb9b5746d359753025d72b8834e466cd2481d6463
                                                                                                                                                                                    • Instruction ID: de572bba48e0d39c1d49e1e130dd6003c47feecf62b17bf4b7235357077461a8
                                                                                                                                                                                    • Opcode Fuzzy Hash: 531784ec544b896d8bedab6fb9b5746d359753025d72b8834e466cd2481d6463
                                                                                                                                                                                    • Instruction Fuzzy Hash: AE026230A08A498FDB84EF788455EB977E1FF59310B0540BAD44ED72A6EE29EC46CB40
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: bece852def1fd3339dcfd172be2ae19570645aafe96e53280cf117bc232ac4e3
                                                                                                                                                                                    • Instruction ID: 123b81c5885541ea2ac81980159b4f26fd1d8fc537ff0d1d7ee8385a08ea1585
                                                                                                                                                                                    • Opcode Fuzzy Hash: bece852def1fd3339dcfd172be2ae19570645aafe96e53280cf117bc232ac4e3
                                                                                                                                                                                    • Instruction Fuzzy Hash: B5F16130B18A498FDB84EF68C455EB977E1FF59310B1540B9D44EDB2A6EE28EC46CB40
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: adc7e4eaafcb10c606803c4a02efef0c00e5f179456b7141620694ea3d0ea569
                                                                                                                                                                                    • Instruction ID: 165b3fddf1618914969d899c19147b0f6a9504ea87a484e82122e002a28bbb65
                                                                                                                                                                                    • Opcode Fuzzy Hash: adc7e4eaafcb10c606803c4a02efef0c00e5f179456b7141620694ea3d0ea569
                                                                                                                                                                                    • Instruction Fuzzy Hash: D7E1C4A6A0DF868FE396CF6C08563647FE0EF15750B0801BFC4AEC7597E958784A8B41
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7a9ac49f7e9d6cf23dcf61270e91869e5aaa3171a03210f874917353dc1a0559
                                                                                                                                                                                    • Instruction ID: 4e9574fc3a3682d2082a6708f095ac4a4c39b8e2be037e8099239f00d5267d23
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a9ac49f7e9d6cf23dcf61270e91869e5aaa3171a03210f874917353dc1a0559
                                                                                                                                                                                    • Instruction Fuzzy Hash: F1C1A23190E7C69FE3178BB49C65A557FA0AF03254B1D02EBC0D4CB1E7EA9D640AC762
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: f4b03c13b3ed8c2ac5719c5f75134ceab93b3b549d3af8c681e597c3293fc7de
                                                                                                                                                                                    • Instruction ID: 37c0a986d65b12d50f6b188f8d5b00bbbe9b16e482ae17d7ac88cba400f9422e
                                                                                                                                                                                    • Opcode Fuzzy Hash: f4b03c13b3ed8c2ac5719c5f75134ceab93b3b549d3af8c681e597c3293fc7de
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FA14A61A0DA8B4FD759DE2C8893AB57FD1EF96301B1441BFD099C70D7F958B8068B80
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: f1ea47379c081b8023c780fe52c395a0d14c142c22ba346b54ba79664d7222fc
                                                                                                                                                                                    • Instruction ID: 4d81253ea3e6831039bea1852d4398010f2aba8a5ce086bcf726164990d77f22
                                                                                                                                                                                    • Opcode Fuzzy Hash: f1ea47379c081b8023c780fe52c395a0d14c142c22ba346b54ba79664d7222fc
                                                                                                                                                                                    • Instruction Fuzzy Hash: A0C1813190E7C25FE3178BB48C62A547FA0AF03255B1D02EBC0D4CB1E7E99D645AC762
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 1a8c689f673fc4459a78219e4c9672f55ce89c24dd40239e68c557566d06aca3
                                                                                                                                                                                    • Instruction ID: 7ba272c23deeb41df3fb8455fc9c6aa8ca1da864381305775dcb6dbe71c41c77
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a8c689f673fc4459a78219e4c9672f55ce89c24dd40239e68c557566d06aca3
                                                                                                                                                                                    • Instruction Fuzzy Hash: 46A1F421A0D7CA4FE756DB7858156A4BFF0EF56210B0945FFD09DCB0A3FA58284ACB42
Memory Dump Source
• Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: c181ce8517884daecae8051d6b4d61ba7a088f7e7b3ed4d861903a9ac5f4d3ee
                                                                                                                                                                                    • Instruction ID: bd0fac44c5fd49bd6f689e06ef7f02a02338778f00c6dbc21819206e0d8900b3
                                                                                                                                                                                    • Opcode Fuzzy Hash: c181ce8517884daecae8051d6b4d61ba7a088f7e7b3ed4d861903a9ac5f4d3ee
                                                                                                                                                                                    • Instruction Fuzzy Hash: CB411971A0CB4A4FD749DFA89896BB57FE0EF56310F04417FD05DC7192EA6868088B91
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 92d385f99ac10cf1a112c2c9887ba87e616639edfbfc452f8927bbf7625a8ebb
                                                                                                                                                                                    • Instruction ID: a93853bf3b8a1ccdea61786ea0e8f6b023c0bb62d767f9ec629b9ff4db7e2e32
                                                                                                                                                                                    • Opcode Fuzzy Hash: 92d385f99ac10cf1a112c2c9887ba87e616639edfbfc452f8927bbf7625a8ebb
                                                                                                                                                                                    • Instruction Fuzzy Hash: 23412736F0CB854FD714DFACAC86BE97BA0EF95322B00417BD188D7157E56468098792
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: af46838cce4f80b584a45281083d3ac7219388328e4f1758ad1787420b6b20ce
                                                                                                                                                                                    • Instruction ID: b3b3a4ab060485c7956a9b76164b3e1859d4f070f80665cde064bbf95e180605
                                                                                                                                                                                    • Opcode Fuzzy Hash: af46838cce4f80b584a45281083d3ac7219388328e4f1758ad1787420b6b20ce
                                                                                                                                                                                    • Instruction Fuzzy Hash: D5312B71A1CB4C4FDB4CDB5C9846AF57BE0FBAA321F04426FD049D3252D66468068BD1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 9ef6fddf7e00dcd0ae2f0a7bb88d7bac70bac3e43a82b374a3136d1d05ba7280
                                                                                                                                                                                    • Instruction ID: 80d7c4e4105f81aa936249e119b8723cbf417d98b463f6d474d53bfd8814cc6e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ef6fddf7e00dcd0ae2f0a7bb88d7bac70bac3e43a82b374a3136d1d05ba7280
                                                                                                                                                                                    • Instruction Fuzzy Hash: 60417531F0D68A8FDB49CF588854AADBBB1FF99314F1441BAC05DF7292EA646801CB51
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 6d6abd996bd6a0656f27f47eb384197553dc262aa07812dc94f0e52849bf977a
                                                                                                                                                                                    • Instruction ID: 919d1bf8474612f0596a4405333876e5468d735e87b56cb51edfddbe32cf32cd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d6abd996bd6a0656f27f47eb384197553dc262aa07812dc94f0e52849bf977a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9231287190CB8C4FDB0DDB5C9C45AE47BF0FB9A321F04426FD049D3252D76468068B91
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: a97c6bd4261eadccd878bf4230934f50338004ef2a7f48ed064b0212deeb0ea5
                                                                                                                                                                                    • Instruction ID: 699704ebb6a7148c3a59fc9da146413c5451ee67b03936a3461be5eed2023e96
                                                                                                                                                                                    • Opcode Fuzzy Hash: a97c6bd4261eadccd878bf4230934f50338004ef2a7f48ed064b0212deeb0ea5
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0331023160DBC54FD756EB3888A9A617FE0EF5A20070805EFD48DCB1E7EA18E849CB51
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: ad004ca44775b0061a859fa7e201d4b606973808b1e71c635217d491d7587e5c
                                                                                                                                                                                    • Instruction ID: 3989885ba8cf8a1c4eb19efdb385acb8d32aa1e2d43670d602ec001a4a511c4d
                                                                                                                                                                                    • Opcode Fuzzy Hash: ad004ca44775b0061a859fa7e201d4b606973808b1e71c635217d491d7587e5c
                                                                                                                                                                                    • Instruction Fuzzy Hash: CC313131B0CB854FE795EB388895AA57BE0EF5A31070809BED48DDB1E3ED18E845CB41
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 1cc83798a8ccaec731e0c842c565010a8baf724982da72314d9ca2dd52f0c7dc
                                                                                                                                                                                    • Instruction ID: d306127252ac484a702e277408293e600e332c25c861a519eafa61db64207ab9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1cc83798a8ccaec731e0c842c565010a8baf724982da72314d9ca2dd52f0c7dc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5831C471A0CB489FEB19DF9C9C86AA9BBF4EB55310F00816FD049D3156E6747805CB92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 300feb3699e9a0609806558b86008e30ec1ade552c1dc9daf19a3479dec5c4ff
                                                                                                                                                                                    • Instruction ID: 3fb281959ecad58ae17368704b6f90e81b2ff23a4e84ec925056678e96c3389c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 300feb3699e9a0609806558b86008e30ec1ade552c1dc9daf19a3479dec5c4ff
                                                                                                                                                                                    • Instruction Fuzzy Hash: D731043170CB854FE795EB389495A65BBE0EF5931070805BED44DCB1E6E918E845CB41
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: e758aae13e8082632f1ede2039f2727209a1fc3edb40c65550f1d8cb86e56921
                                                                                                                                                                                    • Instruction ID: f87b1457c5029ae611a9158b95d7d6c7ba55f7efafaae687c233ed5405b8e56b
                                                                                                                                                                                    • Opcode Fuzzy Hash: e758aae13e8082632f1ede2039f2727209a1fc3edb40c65550f1d8cb86e56921
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C310531609B894FDB95DF688859BB53BE1EF59310F0401BED409C71A2EA64AC44C781
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: c5bf1521cf568aa1213ec66eca7ecf1f27d0be01dd2356b83aacedf2d118de3c
                                                                                                                                                                                    • Instruction ID: ccae37a997eae00413795e3e9c9d2b8c9627b7087d3bdb33d70b92bf9e6c9d46
                                                                                                                                                                                    • Opcode Fuzzy Hash: c5bf1521cf568aa1213ec66eca7ecf1f27d0be01dd2356b83aacedf2d118de3c
                                                                                                                                                                                    • Instruction Fuzzy Hash: F7116061D0E7C70FE7239A75086A6A47FA09F13350B1821FBC4A5CB0E3F99D784A8752
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: c6a35b5c1a5a175bfc06e70d426a9556c65de35f91d09cd8c68985d59e7b640c
                                                                                                                                                                                    • Instruction ID: 06ab26e8a6ce23c9010c65a55769deb1a813dbbd165650c52fc646fa2ac9e3e1
                                                                                                                                                                                    • Opcode Fuzzy Hash: c6a35b5c1a5a175bfc06e70d426a9556c65de35f91d09cd8c68985d59e7b640c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9901266591CF8E0FE7A1EF285486A65BBD1FF98340F080ABBD06DC3081FA95B9044741
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 4af10126a922b7c80a4aecb0a660b4f0e8c4cfbba6888bbc81a18e53b1c0bc49
                                                                                                                                                                                    • Instruction ID: 50b7860e194422689a2d9466a49ea3b34c1f20c177f74d764d403c681318b703
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4af10126a922b7c80a4aecb0a660b4f0e8c4cfbba6888bbc81a18e53b1c0bc49
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C014953F4D71309F655DA6C2801BF4AB40DF90731F046177E56CD5086FC8838865BA1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 86f799f5a632e7708429db41c281d80887c08406ac8637c5ab9e0c2f9e76f9bc
                                                                                                                                                                                    • Instruction ID: 357420c6011a52fc66bad87dba9a86807beed7c8f46adb6997c79726aa9de877
                                                                                                                                                                                    • Opcode Fuzzy Hash: 86f799f5a632e7708429db41c281d80887c08406ac8637c5ab9e0c2f9e76f9bc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E010836D4C5495FE706EF34DC429E97B20EF01310F09557BE169C3082FA642556CB81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 2778b6b16b7ffb1d248c5bef0e841337ce114682e458b631edaa45b4f7c07a23
                                                                                                                                                                                    • Instruction ID: d34068bbfd8be76ad3ff4d337404bb1057174e42aad302310b0ad453d19df1dc
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2778b6b16b7ffb1d248c5bef0e841337ce114682e458b631edaa45b4f7c07a23
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7701F56190DBC60FD3669B3848A67697FE0BF66314F5A06EBC054C60A2F68DB8448751
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 37fe875e6233d53a8069c60c8f510e9ba76f45f3bad8aed3b826fbb3e7222663
                                                                                                                                                                                    • Instruction ID: 0d89e3d4cef5176080d4a2abc8e608b80313724bbe22990bfe0ab72b1103a0a1
                                                                                                                                                                                    • Opcode Fuzzy Hash: 37fe875e6233d53a8069c60c8f510e9ba76f45f3bad8aed3b826fbb3e7222663
                                                                                                                                                                                    • Instruction Fuzzy Hash: 93012853F4D7530AF665DE6C2801BF4AB40DF61731F0461B7E46CE9086FC8838865BA1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: d4b2d7c311444782e145c2390cce7b1e9712aa1d060d25b06e85db2a751e7b58
                                                                                                                                                                                    • Instruction ID: a140fa9d98835175231ced9f6ac0c8705474ca8b51ebea39a0919cc284487538
                                                                                                                                                                                    • Opcode Fuzzy Hash: d4b2d7c311444782e145c2390cce7b1e9712aa1d060d25b06e85db2a751e7b58
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C11E551D4E7D30EE7978B780811761BEE09F57220B0D51FBD494CE097F48D588ACB62
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 417bfa32a27e3217a9b1a4efc0b4f9997ed6eee4121387ed5b62c8968af8e6a6
                                                                                                                                                                                    • Instruction ID: e35b0fa156b31ad6a163bbee07249c893fc71dc735d8cf8e4888cd3b9e63acee
                                                                                                                                                                                    • Opcode Fuzzy Hash: 417bfa32a27e3217a9b1a4efc0b4f9997ed6eee4121387ed5b62c8968af8e6a6
                                                                                                                                                                                    • Instruction Fuzzy Hash: BF01493190958F4BDB94EE389845BF97BD0EF85334B0802BED42CC7081F9A4A4068780
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: ab5da21e9bd377ab0deef59644de8bb0e4978ec68849232d90c4246a42062e2b
                                                                                                                                                                                    • Instruction ID: a398df1b842ec4d3ba4cf4ff5f3f3fca0c7b4e1054e0aa5c37546e32d8fc8d42
                                                                                                                                                                                    • Opcode Fuzzy Hash: ab5da21e9bd377ab0deef59644de8bb0e4978ec68849232d90c4246a42062e2b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 12017171A18A4D8BCF44EF6898055EE77E5FB98701F00026BF42DD3241EB74AA248B42
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 194109f67bb9210099734f1c5a34a1da85c71bff182815bc0f1413dbeb5b7154
                                                                                                                                                                                    • Instruction ID: d2f4ea4b4074cecbf2f5146398176e744d6555ae968af65a2d698616d3aa76cb
                                                                                                                                                                                    • Opcode Fuzzy Hash: 194109f67bb9210099734f1c5a34a1da85c71bff182815bc0f1413dbeb5b7154
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E01A572A0CA49CEEB58DF989885FE4B7E0FB54311F044167C41DD3549EB68B5858B81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: cf4ca6246a770320eade5fd465ce1a03610757e55274601249cc8b1ba1f47574
                                                                                                                                                                                    • Instruction ID: 3b8e4ce0c00009b40e5b38f00c90b57e87863d7ade70a5bc251b40bc28502650
                                                                                                                                                                                    • Opcode Fuzzy Hash: cf4ca6246a770320eade5fd465ce1a03610757e55274601249cc8b1ba1f47574
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6801D412F4DB530AF665DE6C2801BF4AA40DF61721F0862B7E46CDA086FC8838865B92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 727439d94d01a42ee3f8fa2c2ea1d7e1957acb25cbc9693fe711c53e2afcc07f
                                                                                                                                                                                    • Instruction ID: d6c7d0f99d02fe5e3027c9e99b85f012e9317a6c6f9808353057e457b37ddc5a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 727439d94d01a42ee3f8fa2c2ea1d7e1957acb25cbc9693fe711c53e2afcc07f
                                                                                                                                                                                    • Instruction Fuzzy Hash: DA01B13160C98A4FDB85EB288550AB1BBE2EFA931030940AAD40DC7293EE18FC45C751
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 4895f71e636ead1e5a3150556b15103001e2efe9fac81cb089a876440f8b6576
                                                                                                                                                                                    • Instruction ID: 5030c9cef214a1b1fe5cf51f205f90fa9ab03f1e9fc1783ddb8ac965d6f882f1
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4895f71e636ead1e5a3150556b15103001e2efe9fac81cb089a876440f8b6576
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2301F530A2C7154BD768FB34481A179BBD0EF45305B0409BFD89ED62E2FE7AE4828642
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 283465bfbbf0bd162d8136d02c84dc4b79e6012012e9d64568ee62ffe7dca240
                                                                                                                                                                                    • Instruction ID: 04c805f654e71c73fc9008a51ba17d782a9f1a70122f6951b939566e53d2a5e6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 283465bfbbf0bd162d8136d02c84dc4b79e6012012e9d64568ee62ffe7dca240
                                                                                                                                                                                    • Instruction Fuzzy Hash: B4F0F92190DE9B0ED75AEB3804686A13BD0EF99214B0905BBC4E9D7093FC9CA8858792
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 6b1dcb25502a582dd5ee4b9b2470ceb642d7dbe9d41d3293b35597cfa3df50a9
                                                                                                                                                                                    • Instruction ID: 74d43edc5abb3d6e3576467b4691e47f3d760d39fa1d461df29221becc80d9a9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b1dcb25502a582dd5ee4b9b2470ceb642d7dbe9d41d3293b35597cfa3df50a9
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B012830A18A4E9FDF94EF1C9845AEA77F0FB58300F0085A6E429D3284EB75F9508F80
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: f2964cd054edfcbdddf61ebaf53edaab8b6d4d0085d13febd953c6e1ef561b72
                                                                                                                                                                                    • Instruction ID: 31d7d4aac754d06b3458680983156f0a408ccf4c44e14052d1a88d2967c7b9e8
                                                                                                                                                                                    • Opcode Fuzzy Hash: f2964cd054edfcbdddf61ebaf53edaab8b6d4d0085d13febd953c6e1ef561b72
                                                                                                                                                                                    • Instruction Fuzzy Hash: CC01A721B08D4B8FEB95EE885891BF9B7A1FF54310F441076D51EE3186FD64BC094780
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 03a62c95bb08d9daea84769a18b71e055bdf0234e4b7c213757d42cc8163e332
                                                                                                                                                                                    • Instruction ID: 34eed99a22d20c4d046cb82191db55a3cda83fd4149b589666c8380d536a2747
                                                                                                                                                                                    • Opcode Fuzzy Hash: 03a62c95bb08d9daea84769a18b71e055bdf0234e4b7c213757d42cc8163e332
                                                                                                                                                                                    • Instruction Fuzzy Hash: F401717050DBC95FC399DB284459B66BFE0EFA9212F0405AFD0CCD76A2DEB45844C752
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: ea30b2739473461d93d1e29fe5ed4aa305abdfad2a223d923b2c8bc99aca19a2
                                                                                                                                                                                    • Instruction ID: a7c7288e406e85dfbe86aba3efd973817433a5d0f559a15bda3da382c5edcc05
                                                                                                                                                                                    • Opcode Fuzzy Hash: ea30b2739473461d93d1e29fe5ed4aa305abdfad2a223d923b2c8bc99aca19a2
                                                                                                                                                                                    • Instruction Fuzzy Hash: A3F0A454A1CF1B09E575EB2C54CAB3DA5D1FB98390F6459B7D02EC2091F99A78404784
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 6c15f019573bf67a418d5d82a7ee84de9fd463c8d36ec85614323c447e36324f
                                                                                                                                                                                    • Instruction ID: b29f669d79bf35d5fe1bad8fe7eff9560bcdd1aadfc9407094e23da167c29b7a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c15f019573bf67a418d5d82a7ee84de9fd463c8d36ec85614323c447e36324f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8EF02D52F0DB530AF796DE6C2401BB0B540EF61721F0861B7E46DD60C6FC883D825B92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: e9fdc9556d787c9ec51719090f86fb1f34c59696c969eb5e0bc26a0ec1a32c96
                                                                                                                                                                                    • Instruction ID: 988b8413dcd44942b48c6395b813a35e7b05970f9535b2aaff1e495e57a9818b
                                                                                                                                                                                    • Opcode Fuzzy Hash: e9fdc9556d787c9ec51719090f86fb1f34c59696c969eb5e0bc26a0ec1a32c96
                                                                                                                                                                                    • Instruction Fuzzy Hash: 08F0A470A1CA1E4FDB94DF0894957BD73E0FB58314F00046FE01AD3240DA75A9008B81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: d810031aade00f5776b00fa9220a510f88c1379c1a894779498e65912f79f6b8
                                                                                                                                                                                    • Instruction ID: 9fb9223cfaaa5a32f73834435979530ae93fe99ae3ceb8c4960e205c8cd8706b
                                                                                                                                                                                    • Opcode Fuzzy Hash: d810031aade00f5776b00fa9220a510f88c1379c1a894779498e65912f79f6b8
                                                                                                                                                                                    • Instruction Fuzzy Hash: CD018652E0DFC64AF7A79E6809123B03EA0AF52F10B1811F7E46DC6197F89878198B81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: b856cd40e4e1f1aea810cd4b6c219cf884f8438aebe3255770b29e3e8e8aae18
                                                                                                                                                                                    • Instruction ID: 8aa41acffd55a29abe3d584b95aa1ad740a8f84382284bf10cafaef5bb31fd64
                                                                                                                                                                                    • Opcode Fuzzy Hash: b856cd40e4e1f1aea810cd4b6c219cf884f8438aebe3255770b29e3e8e8aae18
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DF0D132D0C54A8AEB16EF2498529F97B20FF01300F0511BBE06997082FA64255A8B81
Memory Dump Source
• Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: cd4cf6d860747d9c8e1e3d74ed35633a82b164a96bfb9c161190852ef28c495b
                                                                                                                                                                                    • Instruction ID: 05f197f1f5c2114a06c9b1e6ceb4b67bafc478547d78f08b50cbecdaab2ef15d
                                                                                                                                                                                    • Opcode Fuzzy Hash: cd4cf6d860747d9c8e1e3d74ed35633a82b164a96bfb9c161190852ef28c495b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2CF01D31718D0A4F9B99EB298450A7573E2FFD931035941AAD41EC3296EE25FC418781
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 5140e79786b03bef4a4b1b53e0a3f9aaf13e9e0ca4ade8225e1f969168f181ff
                                                                                                                                                                                    • Instruction ID: 2c29974554f9bd8341f25c8f3f8c3f08e92f89dcfbc69a35879de1b40dafc97d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5140e79786b03bef4a4b1b53e0a3f9aaf13e9e0ca4ade8225e1f969168f181ff
                                                                                                                                                                                    • Instruction Fuzzy Hash: 48F0FC52E4DB530AF79ADE6C1411BB0F590DF55710F0861B7E46DDA0C6FC883D815B92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 91e57a4ad07d50bb456f7cc4926fa4c794fc95cb1d36c57fd75aef28f6176525
                                                                                                                                                                                    • Instruction ID: 5fe065dc86e95b1d36b184bd6e59438e03941a2f836a98d7ced40d1f1589560a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 91e57a4ad07d50bb456f7cc4926fa4c794fc95cb1d36c57fd75aef28f6176525
                                                                                                                                                                                    • Instruction Fuzzy Hash: 56F0E921D08C5B0AD759FA280498A7621C0FF9C315B450937C8AED3081FC58A9808A81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: f08270d45e5350a914da23e002a2f4e15cdbbbd145ccd255ac25029c902f6f6b
                                                                                                                                                                                    • Instruction ID: 3f7f6e752d3d80bd8e87716a58c88ed3a130f9d83262c3114c4012770b2388e5
                                                                                                                                                                                    • Opcode Fuzzy Hash: f08270d45e5350a914da23e002a2f4e15cdbbbd145ccd255ac25029c902f6f6b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6AF08274A0CB4D8BCF48DF1C98151EE7BF0FB58300F00416FE419D3280DA71AA148B41
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7749e7f6144cc2cea7f97304b304b706dbdeb507fdde5d066fa0bb66d02a2c3f
                                                                                                                                                                                    • Instruction ID: ca7556501fc89b51c61b6731af132a333f6d8e571b439a81a4ef096a2b985493
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7749e7f6144cc2cea7f97304b304b706dbdeb507fdde5d066fa0bb66d02a2c3f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 95F01C70A18A4D8BCF48EF6C98156EE77F1FB58301F00452BF429E3240DA75AA148B45
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 839e69a6053888cc0d7510f3915a60d5c0bdb99f27e355411d4cccd7df5be2bb
                                                                                                                                                                                    • Instruction ID: 5e6688c8a1a305d8c61bb749753ddd3e3813f8cfe352d500733f5e08f617a312
                                                                                                                                                                                    • Opcode Fuzzy Hash: 839e69a6053888cc0d7510f3915a60d5c0bdb99f27e355411d4cccd7df5be2bb
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FF08236D1C54E5AEB16EF1498529FD7B20FF11300F442277E53A92092FEA836558A81
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: f8beb46d48e52adf8879644cf53e6939701234361f5a83ac74f0e73d76a38404
                                                                                                                                                                                    • Instruction ID: 23b14005e84e4f359349dc38718a37d6a8f271ac959476cca2a93cf64c50b8af
                                                                                                                                                                                    • Opcode Fuzzy Hash: f8beb46d48e52adf8879644cf53e6939701234361f5a83ac74f0e73d76a38404
                                                                                                                                                                                    • Instruction Fuzzy Hash: 41E09201B0CA460FE2C5E7B8082A77994D2EF59350B0440FAE40DC32D3EC2C5C410642
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 1806813f4428092caee1057919385d07d295dbf11c907b291a26781349fd1a25
                                                                                                                                                                                    • Instruction ID: f4861dea1eec34fb8901b860d63b699d3fe51a381eeb683bfd15390318a3bcdf
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1806813f4428092caee1057919385d07d295dbf11c907b291a26781349fd1a25
                                                                                                                                                                                    • Instruction Fuzzy Hash: 01E02662A0EBC50FD367862818662D83FA09F56220B4E01EBC044CF5E3F54DAC858382
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 86ff93147c54c8b887260fce553c8cf82abfd2a8f98354370097ffaa85b56159
                                                                                                                                                                                    • Instruction ID: 41984f2697dc0aa51af6408e32ae0e10cc5777b29617841965be47a74439688d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 86ff93147c54c8b887260fce553c8cf82abfd2a8f98354370097ffaa85b56159
                                                                                                                                                                                    • Instruction Fuzzy Hash: 02E04F7051D6455FC284EB04D485D9AB7E0FF94350F80192EF08AC3260EA61A841CB42
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7ecba1470e6c9d56614894e79457d3e90a6db9018fd5f11da4b59cae648fc800
                                                                                                                                                                                    • Instruction ID: 4e2231d621981e633c06f88d3292b3f86dbefc7c467559d132c7ada6288c94d7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ecba1470e6c9d56614894e79457d3e90a6db9018fd5f11da4b59cae648fc800
                                                                                                                                                                                    • Instruction Fuzzy Hash: 32D06220B4540B4FDA85FF18A4526E97351DF45350F811476E42DD21C6EDA57C508B41
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 411c9280a1ab5ef8dc415ab591cc764eba16b4c5f3dcbecde5993ccf320e1dc1
                                                                                                                                                                                    • Instruction ID: ec771ca66f849661f8e637c748858371c0df0f688a5125bcc84eb5f0238e7251
                                                                                                                                                                                    • Opcode Fuzzy Hash: 411c9280a1ab5ef8dc415ab591cc764eba16b4c5f3dcbecde5993ccf320e1dc1
                                                                                                                                                                                    • Instruction Fuzzy Hash: A6C08C7361C24C8DEB08978CF8026F8BBE0E746235F00405BE28AC3912E213606B8B85
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
Strings
Memory Dump Source
• Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
Similarity
• API ID:
• String ID: ++$8++$PN,+$XL,+$p-+$xM,+$-+
• API String ID: 0-1060502276
Strings
Memory Dump Source
• Source File: 0000001D.00000002.2083669973.00007FF9CD250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9CD250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_29_2_7ff9cd250000_Updater.jbxd
Similarity
• API ID:
• String ID: O_^$O_^)$O_^+$O_^-
• API String ID: 0-2021213612