Joe Sandbox Cloud Basic Analysis Report
Create Interactive Tour

Windows Analysis Report
Clear-EasyPrint.b7002.ntclear.SK001.ch.exe

Overview

General Information

Sample Name:Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
Analysis ID:763753
MD5:0f14001e7b7c9a24c46296e25074b39a
SHA1:b10d1a303d0e9f481fd9bb675122c0dcd24f33d9
SHA256:3a3883dcdca19be0d1132e943682aece990494ce58e40d679b2a0b9cde481eff
Infos:

Detection

Score:24
Range:0 - 100
Whitelisted:false
Confidence:20%

Signatures

Tries to delay execution (extensive OutputDebugStringW loop)
Obfuscated command line found
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
PE file contains executable resources (Code or Archives)
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Drops PE files

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
Sample searches for specific file, try point organization specific fake files to the analysis machine

Process Tree

  • System is w10x64
  • Clear-EasyPrint.b7002.ntclear.SK001.ch.exe (PID: 5496 cmdline: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe MD5: 0F14001E7B7C9A24C46296E25074B39A)
    • Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp (PID: 5588 cmdline: "C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp" /SL5="$702A4,90456719,806400,C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe" MD5: 032A47886B37474C68E22C9C9FD2D1C3)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

  • Compliance
  • Spreading
  • Networking
  • System Summary
  • Data Obfuscation
  • Persistence and Installation Behavior
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Anti Debugging
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknownHTTPS traffic detected: 3.214.36.77:443 -> 192.168.2.3:49698 version: TLS 1.2
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeStatic PE information: certificate valid
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-Q028I.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\htmlJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global trafficHTTP traffic detected: POST /api/v1/events?installId=50014048-F3CB-4E84-BB4D121EE644E142 HTTP/1.1Content-Type: application/json; charset=utf-8Host: 0srzroz2i7.execute-api.us-east-1.amazonaws.comContent-Length: 390Expect: 100-continueConnection: Keep-Alive
Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drString found in binary or memory: "weather": "https://www.yahoo.com/news/weather?fr=trp&type=Y223_F1_203541_{user.InstallTime|format_mmddyy}", equals www.yahoo.com (Yahoo)
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529245960.00000000037C3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: @https://www.yahoo.com/news/weather?fr=trp&type=Y223_F1_203541_{u equals www.yahoo.com (Yahoo)
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.541096390.000000000D1E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.539777732.000000000CED0000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.285855095.0000000009B64000.00000004.00000800.00020000.00000000.sdmp, knockout.js.1.drString found in binary or memory: http://knockoutjs.com/
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.532177452.0000000004318000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275695947.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275695947.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html:
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comU
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comXM:
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coma-e
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comcz
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comn
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.como.
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comue
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comv-s
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comz
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.276657785.00000000083B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.276657785.00000000083B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.277536601.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.277422272.00000000083BC000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.277510508.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comF
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnP
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cna-d/
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.277886599.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/#
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/(
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275099514.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/)
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp//
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.276245133.00000000083BC000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.276062862.00000000083BC000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.276290564.00000000083BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275099514.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y00
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275099514.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/a
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/i
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/E
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.286860547.0000000008435000.00000004.00000800.00020000.00000000.sdmp, knockout.js.1.drString found in binary or memory: http://www.json.org/json2.js
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.286015809.0000000008444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.json.org/json2.jsH?
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535318909.0000000008438000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.286860547.0000000008435000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.json.org/json2.jsW?Qj
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.539777732.000000000CED0000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.285855095.0000000009B64000.00000004.00000800.00020000.00000000.sdmp, knockout.js.1.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn;
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cnnt
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000002.526073996.0000000002318000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.259868636.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529263157.00000000037CB000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.263379215.0000000003520000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.531989728.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.527283725.000000000260F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://0srzroz2i7.execute-api.us-east-1.amazonaws.com/api/v1/events
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.532177452.0000000004318000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529371525.0000000003818000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://0srzroz2i7.execute-api.us-east-1.amazonaws.com/api/v1/events?installId=50014048-F3CB-4E84-BB
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.532177452.0000000004318000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://0srzroz2i7.execute-api.us-east-1.amazonaws.com4
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.259868636.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.263379215.0000000003520000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clearbar.app(https://clearbar.app(https://clearbar.app
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drString found in binary or memory: https://clearbar.app/rd2/?id=296104Ly9hcmNhZGV0YWIuY29t&guid=
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drString found in binary or memory: https://clearbar.app/rd2/?id=368729Ly9hcmNhZGV0YWIuY29t&guid=
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drString found in binary or memory: https://clearbar.app/rd2/?id=434930Ly9hcmNhZGV0YWIuY29t&guid=
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000002.526606408.0000000002393000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clearbar.app039
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.527764123.00000000026CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clearbar.app03m
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000002.526073996.0000000002318000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.259868636.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.263379215.0000000003520000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.527283725.000000000260F000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloudfront.clearbar.app/binaries/tutorials/%s.7z
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drString found in binary or memory: https://maps.google.com
Source: easyprint_clearbar.json.1.drString found in binary or memory: https://meta.clearbar.app/sug/?s=
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drString found in binary or memory: https://search.clearbar.app/crx/search.php?guid=
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drString found in binary or memory: https://search.yahoo.com?fr=tightropetb&type=11745
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.527411319.000000000264C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=tightropetb&type=117IuY29t&guid=
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000002.526073996.0000000002318000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.259868636.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529263157.00000000037CB000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.263379215.0000000003520000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.527283725.000000000260F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/collect
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.532177452.0000000004318000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.527252857.0000000002601000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/collect?v=1&tid=UA-179279808-1&cid=50014048-F3CB-4E84-BB4D121EE644E
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.531989728.00000000042E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/collectlnY
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.532177452.0000000004318000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com4
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260286559.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260678295.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000000.262122335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: https://www.innosetup.com/
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260286559.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260678295.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000000.262122335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drString found in binary or memory: https://www.remobjects.com/ps
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529245960.00000000037C3000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drString found in binary or memory: https://www.yahoo.com/news/weather?fr=trp&type=Y223_F1_203541_
Source: unknownHTTP traffic detected: POST /api/v1/events?installId=50014048-F3CB-4E84-BB4D121EE644E142 HTTP/1.1Content-Type: application/json; charset=utf-8Host: 0srzroz2i7.execute-api.us-east-1.amazonaws.comContent-Length: 390Expect: 100-continueConnection: Keep-Alive
Source: unknownDNS traffic detected: queries for: 0srzroz2i7.execute-api.us-east-1.amazonaws.com
Source: unknownHTTPS traffic detected: 3.214.36.77:443 -> 192.168.2.3:49698 version: TLS 1.2
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpCode function: 1_2_064242581_2_06424258
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpCode function: 1_2_06424B711_2_06424B71
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpCode function: 1_2_035FD69C1_2_035FD69C
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000000.259640508.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260482329.0000000002679000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.261180027.000000007FE85000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000002.526457043.0000000002358000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeBinary or memory string: OriginalFileName vs Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeFile read: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeJump to behavior
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeProcess created: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp "C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp" /SL5="$702A4,90456719,806400,C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe"
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeProcess created: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp "C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp" /SL5="$702A4,90456719,806400,C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeFile created: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmpJump to behavior
Source: classification engineClassification label: sus24.evad.winEXE@3/22@1/1
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\ClearbarInstallationMutex
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpWindow found: window name: TMainFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpAutomated click: Install
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeStatic file information: File size 91354864 > 1048576
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeStatic PE information: certificate valid
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Data Obfuscation

barindex
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeProcess created: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp "C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp" /SL5="$702A4,90456719,806400,C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe"
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeProcess created: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp "C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp" /SL5="$702A4,90456719,806400,C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpCode function: 1_2_0360674F push es; ret 1_2_0360675A
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpCode function: 1_2_03606702 push es; ret 1_2_0360670C
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpCode function: 1_2_06422D49 push es; retf 1_2_06422D5A
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpCode function: 1_2_035FC12F push es; ret 1_2_035FC146
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.exeStatic PE information: section name: .didata
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drStatic PE information: section name: .didata
Source: initial sampleStatic PE information: section name: .text entropy: 6.858613540660051
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeFile created: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile created: C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile created: C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\HtmlInstaller.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile created: C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\Networking.dllJump to dropped file
Source: C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpSection loaded: OutputDebugStringW count: 222
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -100000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -98953s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -98812s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -98701s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -97547s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -97388s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -97281s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -97167s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -97062s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -96937s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -96778s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -96671s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -96552s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -96391s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -96261s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -96136s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -95985s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -95844s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -97028s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -96920s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -96811s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp TID: 6044Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpWindow / User API: threadDelayed 4889Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 100000Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 98953Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 98812Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 98701Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 97547Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 97388Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 97281Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 97167Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 97062Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 96937Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 96778Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 96671Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 96552Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 96391Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 96261Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 96136Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 95985Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 95844Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 97028Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 96920Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 96811Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-Q028I.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\htmlJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.541294648.000000000D216000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\Networking.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\HtmlInstaller.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts12
Command and Scripting Interpreter		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium11
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Disable or Modify Tools		LSASS Memory121
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth2
Non-Application Layer Protocol		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)121
Virtualization/Sandbox Evasion		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
Process Injection		NTDS2
System Owner/User Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Deobfuscate/Decode Files or Information		LSA Secrets1
Remote System Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common2
Obfuscated Files or Information		Cached Domain Credentials2
File and Directory Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items1
Software Packing		DCSync12
System Information Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 763753 Sample: Clear-EasyPrint.b7002.ntcle... Startdate: 08/12/2022 Architecture: WINDOWS Score: 24 5 Clear-EasyPrint.b7002.ntclear.SK001.ch.exe 2 2->5         started        file3 14 Clear-EasyPrint.b7...tclear.SK001.ch.tmp, PE32 5->14 dropped 24 Obfuscated command line found 5->24 9 Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp 18 44 5->9         started        signatures4 process5 dnsIp6 22 0srzroz2i7.execute-api.us-east-1.amazonaws.com 3.214.36.77, 443, 49698 AMAZON-AESUS United States 9->22 16 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 9->16 dropped 18 C:\Users\user\AppData\...18etworking.dll, PE32 9->18 dropped 20 C:\Users\user\AppData\...\HtmlInstaller.dll, PE32 9->20 dropped 26 Tries to delay execution (extensive OutputDebugStringW loop) 9->26 file7 signatures8

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Clear-EasyPrint.b7002.ntclear.SK001.ch.exe3%ReversingLabs
Clear-EasyPrint.b7002.ntclear.SK001.ch.exe3%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp2%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\HtmlInstaller.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\Networking.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\_isetup\_setup64.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.founder.com.cn/cnP0%URL Reputationsafe
http://www.founder.com.cn/cnP0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/E0%URL Reputationsafe
http://www.tiro.com0%URL Reputationsafe
http://www.goodfont.co.kr0%URL Reputationsafe
http://www.carterandcone.com0%URL Reputationsafe
http://www.carterandcone.com0%URL Reputationsafe
http://www.sajatypeworks.com0%URL Reputationsafe
http://www.typography.netD0%URL Reputationsafe
http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
http://fontfabrik.com0%URL Reputationsafe
http://www.carterandcone.comue0%URL Reputationsafe
https://www.remobjects.com/ps0%URL Reputationsafe
http://www.jiyu-kobo.co.jp//0%URL Reputationsafe
https://www.innosetup.com/0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/)0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/Y00%URL Reputationsafe
http://www.ascendercorp.com/typedesigners.html0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/(0%URL Reputationsafe
https://0srzroz2i7.execute-api.us-east-1.amazonaws.com40%Avira URL Cloudsafe
http://www.sandoll.co.kr0%URL Reputationsafe
http://www.carterandcone.comU0%URL Reputationsafe
https://clearbar.app/rd2/?id=434930Ly9hcmNhZGV0YWIuY29t&guid=0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/#0%URL Reputationsafe
http://www.zhongyicts.com.cn;0%Avira URL Cloudsafe
http://www.urwpp.deDPlease0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://www.carterandcone.como.0%URL Reputationsafe
http://www.sakkal.com0%URL Reputationsafe
http://www.galapagosdesign.com/0%URL Reputationsafe
http://www.fontbureau.comF0%URL Reputationsafe
http://www.founder.com.cn/cna-d/0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
http://www.carterandcone.comn0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://www.founder.com.cn/cn0%URL Reputationsafe
http://www.carterandcone.comz0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/i0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/a0%URL Reputationsafe
https://clearbar.app0390%Avira URL Cloudsafe
http://www.ascendercorp.com/typedesigners.html:0%Avira URL Cloudsafe
https://cloudfront.clearbar.app/binaries/tutorials/%s.7z0%Avira URL Cloudsafe
http://www.carterandcone.comcz0%Avira URL Cloudsafe
https://search.clearbar.app/crx/search.php?guid=0%Avira URL Cloudsafe
https://clearbar.app(https://clearbar.app(https://clearbar.app0%Avira URL Cloudsafe
https://clearbar.app/rd2/?id=368729Ly9hcmNhZGV0YWIuY29t&guid=0%Avira URL Cloudsafe
http://www.carterandcone.coma-e0%Avira URL Cloudsafe
https://clearbar.app/rd2/?id=296104Ly9hcmNhZGV0YWIuY29t&guid=0%Avira URL Cloudsafe
http://www.zhongyicts.com.cnnt0%Avira URL Cloudsafe
https://clearbar.app03m0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/Y000%Avira URL Cloudsafe
https://meta.clearbar.app/sug/?s=0%Avira URL Cloudsafe
http://www.carterandcone.comXM:0%Avira URL Cloudsafe
http://www.carterandcone.comv-s0%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
0srzroz2i7.execute-api.us-east-1.amazonaws.com
3.214.36.77
truefalse
    		high

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://0srzroz2i7.execute-api.us-east-1.amazonaws.com/api/v1/events?installId=50014048-F3CB-4E84-BB4D121EE644E142false
      		high
      NameSourceMaliciousAntivirus DetectionReputation
      https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUClear-EasyPrint.b7002.ntclear.SK001.ch.exefalse
        		high
        http://www.fontbureau.com/designersGClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://www.founder.com.cn/cnPClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.fontbureau.com/designers/?Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://www.founder.com.cn/cn/bTheClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.jiyu-kobo.co.jp/jp/EClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.fontbureau.com/designers?Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://www.founder.com.cn/cna-d/Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.zhongyicts.com.cn;Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		low
              http://www.tiro.comClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://www.fontbureau.com/designersClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://0srzroz2i7.execute-api.us-east-1.amazonaws.com4Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.532177452.0000000004318000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.goodfont.co.krClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://search.yahoo.com?fr=tightropetb&type=11745Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drfalse
                  		high
                  http://www.carterandcone.comClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.json.org/json2.jsClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.286860547.0000000008435000.00000004.00000800.00020000.00000000.sdmp, knockout.js.1.drfalse
                    		high
                    http://www.sajatypeworks.comClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.typography.netDClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://clearbar.app/rd2/?id=434930Ly9hcmNhZGV0YWIuY29t&guid=Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.founder.com.cn/cn/cTheClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.galapagosdesign.com/staff/dennis.htmClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://fontfabrik.comClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.ascendercorp.com/typedesigners.html:Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275695947.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.carterandcone.comueClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.remobjects.com/psClear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260286559.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260678295.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000000.262122335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.jiyu-kobo.co.jp//Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.json.org/json2.jsH?Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.286015809.0000000008444000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      https://cloudfront.clearbar.app/binaries/tutorials/%s.7zClear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000002.526073996.0000000002318000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.259868636.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.263379215.0000000003520000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.527283725.000000000260F000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://clearbar.app039Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000002.526606408.0000000002393000.00000004.00001000.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.innosetup.com/Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260286559.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.260678295.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000000.262122335.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.276657785.00000000083B7000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.galapagosdesign.com/DPleaseClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/)Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275099514.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/Y0Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.276245133.00000000083BC000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.276062862.00000000083BC000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.276290564.00000000083BE000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.ascendercorp.com/typedesigners.htmlClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275695947.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/(Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.fonts.comClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.sandoll.co.krClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.carterandcone.comUClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.jiyu-kobo.co.jp/#Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.urwpp.deDPleaseClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.zhongyicts.com.cnClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.532177452.0000000004318000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.carterandcone.como.Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.sakkal.comClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://0srzroz2i7.execute-api.us-east-1.amazonaws.com/api/v1/events?installId=50014048-F3CB-4E84-BBClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.532177452.0000000004318000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529371525.0000000003818000.00000004.00001000.00020000.00000000.sdmpfalse
                              		high
                              https://search.yahoo.com?fr=tightropetb&type=117IuY29t&guid=Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.527411319.000000000264C000.00000004.00001000.00020000.00000000.sdmpfalse
                                		high
                                http://www.carterandcone.comczClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://search.clearbar.app/crx/search.php?guid=Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.yahoo.com/news/weather?fr=trp&type=Y223_F1_203541_Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529245960.00000000037C3000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drfalse
                                  		high
                                  http://www.apache.org/licenses/LICENSE-2.0Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.fontbureau.comClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.276657785.00000000083B7000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.galapagosdesign.com/Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.277886599.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.comFClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.277536601.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.277422272.00000000083BC000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.277510508.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://clearbar.app/rd2/?id=368729Ly9hcmNhZGV0YWIuY29t&guid=Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://clearbar.app(https://clearbar.app(https://clearbar.appClear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.259868636.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.263379215.0000000003520000.00000004.00001000.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		low
                                      https://maps.google.comClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drfalse
                                        		high
                                        http://knockoutjs.com/Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.539777732.000000000CED0000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.285855095.0000000009B64000.00000004.00000800.00020000.00000000.sdmp, knockout.js.1.drfalse
                                          		high
                                          http://www.jiyu-kobo.co.jp/jp/Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.carterandcone.coma-eClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.json.org/json2.jsW?QjClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535318909.0000000008438000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.286860547.0000000008435000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.carterandcone.comnClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.comlClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://clearbar.app/rd2/?id=296104Ly9hcmNhZGV0YWIuY29t&guid=Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529094317.000000000377E000.00000004.00001000.00020000.00000000.sdmp, easyprint_clearbar.json.1.drfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.zhongyicts.com.cnntClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://clearbar.app03mClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.527764123.00000000026CC000.00000004.00001000.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.fontbureau.com/designers/cabarga.htmlNClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.founder.com.cn/cnClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274266027.00000000083B3000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274350565.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.fontbureau.com/designers/frere-jones.htmlClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://0srzroz2i7.execute-api.us-east-1.amazonaws.com/api/v1/eventsClear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000002.526073996.0000000002318000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.exe, 00000000.00000003.259868636.0000000002590000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.529263157.00000000037CB000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.263379215.0000000003520000.00000004.00001000.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.531989728.00000000042E1000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.527283725.000000000260F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.opensource.org/licenses/mit-license.php)Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.539777732.000000000CED0000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.285855095.0000000009B64000.00000004.00000800.00020000.00000000.sdmp, knockout.js.1.drfalse
                                                    		high
                                                    http://www.carterandcone.comzClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.jiyu-kobo.co.jp/Y00Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275292292.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275099514.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://meta.clearbar.app/sug/?s=easyprint_clearbar.json.1.drfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.jiyu-kobo.co.jp/Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.jiyu-kobo.co.jp/iClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275560352.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275706346.00000000083BD000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275375985.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.fontbureau.com/designers8Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000002.535618558.0000000009632000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.carterandcone.comXM:Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274533142.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.jiyu-kobo.co.jp/aClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.275099514.00000000083BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.carterandcone.comv-sClear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274423983.00000000083B7000.00000004.00000800.00020000.00000000.sdmp, Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp, 00000001.00000003.274391805.00000000083B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown

                                                      World Map of Contacted IPs

                                                      • No. of IPs < 25%
                                                      • 25% < No. of IPs < 50%
                                                      • 50% < No. of IPs < 75%
                                                      • 75% < No. of IPs

                                                      Public IPs

                                                      IPDomainCountryFlagASNASN NameMalicious
                                                      3.214.36.77
                                                      		0srzroz2i7.execute-api.us-east-1.amazonaws.comUnited States
                                                      		14618AMAZON-AESUSfalse

                                                      General Information

                                                      Joe Sandbox Version:36.0.0 Rainbow Opal
                                                      Analysis ID:763753
                                                      Start date and time:2022-12-08 21:30:33 +01:00
                                                      Joe Sandbox Product:CloudBasic
                                                      Overall analysis duration:0h 9m 45s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Sample file name:Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                      Number of analysed new started processes analysed:13
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • HDC enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Detection:SUS
                                                      Classification:sus24.evad.winEXE@3/22@1/1
                                                      EGA Information:
                                                      • Successful, ratio: 100%
                                                      HDC Information:
                                                      • Successful, ratio: 0.4% (good quality ratio 0.2%)
                                                      • Quality average: 31.3%
                                                      • Quality standard deviation: 37%
                                                      HCA Information:
                                                      • Successful, ratio: 100%
                                                      • Number of executed functions: 34
                                                      • Number of non-executed functions: 2
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                      • Excluded IPs from analysis (whitelisted): 142.250.184.110
                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com, www.google-analytics.com
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                      Simulations

                                                      Behavior and APIs

                                                      TimeTypeDescription
                                                      21:31:47API Interceptor22x Sleep call for process: Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp modified

                                                      Joe Sandbox View / Context

                                                      IPs

                                                      No context

                                                      Domains

                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                      0srzroz2i7.execute-api.us-east-1.amazonaws.comMDE_File_Sample_d663e3a694c9421bf2b4aede98b6a7a048ba4374.zipGet hashmaliciousBrowse
                                                      • 52.87.131.32

                                                      ASNs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                      AMAZON-AESUSSH-765433_pdf.exeGet hashmaliciousBrowse
                                                      • 3.232.242.170
                                                      https://drkoljames.myportfolio.com/Get hashmaliciousBrowse
                                                      • 54.174.232.127
                                                      https://npxone-1212a1.hub.arcgis.com/Get hashmaliciousBrowse
                                                      • 34.225.226.12
                                                      PO 0017709220.pdf (68KB).exeGet hashmaliciousBrowse
                                                      • 52.20.78.240
                                                      https://t.co/wP6sqCqYIhGet hashmaliciousBrowse
                                                      • 54.84.214.198
                                                      https://lc3.shktrk.com/r/e/leBmmSL0GqOs6GEn7#gpeterson@ii-vi.com&010-9AGet hashmaliciousBrowse
                                                      • 34.239.5.157
                                                      http___185.246.221.143_pl2.exeGet hashmaliciousBrowse
                                                      • 3.236.57.215
                                                      PAYMENT ADVICE 2022-06-12.exeGet hashmaliciousBrowse
                                                      • 3.220.57.224
                                                      wUPIJcl00e.exeGet hashmaliciousBrowse
                                                      • 54.91.59.199
                                                      Y7bs6Iraea.elfGet hashmaliciousBrowse
                                                      • 54.42.88.250
                                                      SOA.exeGet hashmaliciousBrowse
                                                      • 3.220.57.224
                                                      invoice4446575.docGet hashmaliciousBrowse
                                                      • 3.220.57.224
                                                      UD6pLpOGgw.exeGet hashmaliciousBrowse
                                                      • 3.232.242.170
                                                      https://rebrand.ly/w4i1gja?user=jerrym@dwotc.comGet hashmaliciousBrowse
                                                      • 54.237.146.211
                                                      SS023297 TUBLOROM S.R.L.vbsGet hashmaliciousBrowse
                                                      • 3.232.242.170
                                                      Reftt120620025523.vbeGet hashmaliciousBrowse
                                                      • 52.20.78.240
                                                      validation- OFFICE 365.htmGet hashmaliciousBrowse
                                                      • 54.91.59.199
                                                      SOA.exeGet hashmaliciousBrowse
                                                      • 52.20.78.240
                                                      New_PO #1783919939-12-2022 RFQ Amended.exeGet hashmaliciousBrowse
                                                      • 3.232.242.170
                                                      https://tdgnaples.com/.howe/Banking/AppStoreBadge.svgGet hashmaliciousBrowse
                                                      • 52.1.244.227

                                                      JA3 Fingerprints

                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                      3b5074b1b5d032e5620f69f9f700ff0eSH-765433_pdf.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      SecuriteInfo.com.Trojan-Dropper.MSIL.Agent.5276.27672.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      PO 0017709220.pdf (68KB).exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      Slzzmcysvci.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      SecuriteInfo.com.Trojan.PackedNET.1725.2046.4085.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      filmora_setup.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      SecuriteInfo.com.Trojan.PackedNET.1725.7607.10943.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      SecuriteInfo.com.Trojan.PackedNET.1725.19553.28086.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      PAYMENT ADVICE 2022-06-12.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      wUPIJcl00e.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      SOA.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      SecuriteInfo.com.Win32.RATX-gen.27343.27281.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      UD6pLpOGgw.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      i9SqJ8gZJ8.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      SS023297 TUBLOROM S.R.L.vbsGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      7Q3AKqiytj.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      Reftt120620025523.vbeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      9985.jsGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      SOA.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77
                                                      New_PO #1783919939-12-2022 RFQ Amended.exeGet hashmaliciousBrowse
                                                      • 3.214.36.77

                                                      Dropped Files

                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                      C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\_isetup\_setup64.tmpvQDvcLViTy.exeGet hashmaliciousBrowse
                                                        file.exeGet hashmaliciousBrowse
                                                          window driver-Receipt.exeGet hashmaliciousBrowse
                                                            http://www.motospeed.cc/index.php?ac=article&at=read&did=572Get hashmaliciousBrowse
                                                              setup.exeGet hashmaliciousBrowse
                                                                MDE_File_Sample_d663e3a694c9421bf2b4aede98b6a7a048ba4374.zipGet hashmaliciousBrowse
                                                                  file.exeGet hashmaliciousBrowse
                                                                    1W9d4MoXPX.exeGet hashmaliciousBrowse
                                                                      bZdS2ePa0W.exeGet hashmaliciousBrowse
                                                                        bZdS2ePa0W.exeGet hashmaliciousBrowse
                                                                          ICT_REPORTX_SETUP.exeGet hashmaliciousBrowse
                                                                            http://pcps.landmarkspace.co.uk:9163/known-hosts/windowsGet hashmaliciousBrowse
                                                                              file.exeGet hashmaliciousBrowse
                                                                                file.exeGet hashmaliciousBrowse
                                                                                  file.exeGet hashmaliciousBrowse
                                                                                    file.exeGet hashmaliciousBrowse
                                                                                      file.exeGet hashmaliciousBrowse
                                                                                        file.exeGet hashmaliciousBrowse
                                                                                          file.exeGet hashmaliciousBrowse
                                                                                            SecuriteInfo.com.Trojan.Siggen18.59138.29444.26902.exeGet hashmaliciousBrowse

                                                                                              Created / dropped Files

                                                                                              C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp

                                                                                              Download File
                                                                                              Process:C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):3150168
                                                                                              Entropy (8bit):6.376277365909482
                                                                                              Encrypted:false
                                                                                              SSDEEP:49152:6dx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEj6333in:LHDYsqiPRhINnq95FoHVB6333+
                                                                                              MD5:032A47886B37474C68E22C9C9FD2D1C3
                                                                                              SHA1:0D9311F561D96860F06A9D00D451CCF25006B4EC
                                                                                              SHA-256:E35A3C699C57413FD079E35BCA26665EAE12344A2C0E1157A9626D244FCDA127
                                                                                              SHA-512:E86ABBEFDA47701B09542F28D4E784A14B1E4FB70DEAF368326892CDEBECF41E5B778A9C4E8647A6D82EF64A1A75CB8636494194A1E0C4DAD26D908BD1A74D67
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 2%
                                                                                              Reputation:low
                                                                                              Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...oGXb.................B,.........`V,......`,...@...........................0.......0...@......@....................-.......-..9..................../.X)....................................-.......................-.......-......................text.....,.......,................. ..`.itext...(...0,..*....,............. ..`.data........`,......F,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-...... -.............@..@.rsrc................"-.............@..@..............1.......0.............@..@........................................................

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\HtmlInstaller.dll

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):193536
                                                                                              Entropy (8bit):6.820693119469158
                                                                                              Encrypted:false
                                                                                              SSDEEP:3072:xALrx9O/fRTlKkdYPwSGx1jM/ZS/1mBKxVA7JhUR+AKvaB:qLroK6jxzjsZS/4sLQhU8z
                                                                                              MD5:44D765266942C3504553A6531BF8463A
                                                                                              SHA1:40CBAE17FDE4C9DFE76495CDE3B87ABDEB4CE248
                                                                                              SHA-256:0A961B983903269F0F1BE0A26C66435C92C827E0B9D59F531DB4DE4DD0A06955
                                                                                              SHA-512:7F64B95981A6DCAA5947E71A8F25A69EC0086D59EA446E921FA018B4529DE15BC2D4F31183A978A55AE0CDF4FE79133CEC541DFFC15E02ED04A59501A15F9645
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Reputation:low
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ic...........!..................... ... ....... ....................................@.........................8 ..(.......O....@.......................`..(.................................................... ............... ..H............text...4.... ...................... ..`.sdata....... ......................@....rsrc........@......................@..@.reloc..(....`......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\Networking.dll

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):34304
                                                                                              Entropy (8bit):5.658513916621655
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:y4oWWHcTlzyzGpcLr3oN2XS84W2QSl7rVnQlnIqJuYClIF3Jomn:ySTlzy6o387W2QSJrukYIIln
                                                                                              MD5:2B3AEEF8E06946089CC268AD84B1D66E
                                                                                              SHA1:87C28686B7C81681A9F21946243FEC4C9715022F
                                                                                              SHA-256:259702B8A727488EAB22D885EDFDBFFBA715B8A608DB1609F0136CA3D9FBD899
                                                                                              SHA-512:B35120423E1DEA0397CE316013F7838BF6C31E229EC933CC026E411B25B42704A01C7779145C0F7A25C4AA523AF22FB40D56844CC767F828349BA72A40F4AEEB
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Reputation:low
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ic...........!.....z............... ........... ....................................@.........................(...(...<...O............................... .................................................... ............... ..H............text....x... ...z.................. ..`.sdata..x............~..............@....rsrc...............................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\Profiles\easyprint_clearbar.json

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):1007
                                                                                              Entropy (8bit):5.395861551744719
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:AHrsbqxInyJV+lfK3mHAR9uu2jDh57ywXJS:9vnyJslC3mHARUuk7pk
                                                                                              MD5:0EB878A0335234908023AAAB9607C115
                                                                                              SHA1:0075ACE934DC0CA29A0B7AB5E9ED7CBFF8570BFB
                                                                                              SHA-256:611FC37F5F7FF23B15C8D7E3FB71D65C9CC748A6FBA08417E621D667C68E2E7E
                                                                                              SHA-512:18E6FA3F07B515D16284FFF1D9BF4858FFD6E15C7E0F47BFF9F1E18D7E52E2F6591C80241EC189B1BFF6DACDB22FDFDC674F71084A8E77F7EB78A364ED1A034E
                                                                                              Malicious:false
                                                                                              Preview:{.. "ThankYouPageUrl": "https://clearbar.app/rd2/?id=434930Ly9hcmNhZGV0YWIuY29t&guid={guid}&ext.id={profile.BrandName}&ext.version={app.version}",.. "FirstRunUrl": "https://clearbar.app/rd2/?id=368729Ly9hcmNhZGV0YWIuY29t&guid={guid}",.. "UnInstallUrl": "https://clearbar.app/rd2/?id=296104Ly9hcmNhZGV0YWIuY29t&guid={guid}",.. "SearchUrl": "https://search.clearbar.app/crx/search.php?guid={guid}&q={searchTerms}&action={searchAction}",.. "SuggestionUrl": "https://meta.clearbar.app/sug/?s={searchTerms}&output=json",.. "ChromiumSuggestionUrl": "https://meta.clearbar.app/sug/?s={searchTerms}",.. "BrandDisplayName": "Easy Print",.. "BrandName": "easyprint_ClearBar",.. "FeatureUrls": {.. "weather": "https://www.yahoo.com/news/weather?fr=trp&type=Y223_F1_203541_{user.InstallTime|format_mmddyy}",.. "app-icon": "https://search.yahoo.com?fr=tightropetb&type=11745",.. "maps": "https://maps.google.com".. },.. "BrandTags": [ "easyprint", "-manualsdirectory" ]..}../* -{ "Sample": 123

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\Profiles\profile_map.txt

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):410
                                                                                              Entropy (8bit):4.311824882740019
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:lBJDGhxW4TyfifktFz9GO9cX7g1D89KfEay:lBPwVIz7mYDkKsT
                                                                                              MD5:6444764B2CF9F2B2C274787263A78CCB
                                                                                              SHA1:0284957AC5E3C40D75B4D1B2E79F9EF954B1A890
                                                                                              SHA-256:1AF45A6C76B8BAA3CC167690EB748D8C367D1B5E98FE3581B6D8975632FF07F7
                                                                                              SHA-512:1E0C9B7AA97127FEE1B8B927C9863C7BF28B401691CC4D625D1A948C5ADD96B47E0C09A6D511AE3AF9ABBB1C007460072B8E1387D66843809D0515DC0C1D816F
                                                                                              Malicious:false
                                                                                              Preview:frompdftodoc=pdftodoc_clearbar.json..tvsearch=tvsearch_clearbar.json..manualslibrary=manualssearch_clearbar.json..myofficex=myofficex_clearbar.json..mapsrch=mapsrch_clearbar.json..templatesearch=templatesearch_clearbar.json..easyrecipessearch=ers_clearbar.json..clearbarinstaller=ers_clearbar.json..manualsdirectory=manualsdirectory_clearbar.json..easyprint=easyprint_clearbar.json..clear=clear_clearbar.json..

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\_isetup\_setup64.tmp

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):6144
                                                                                              Entropy (8bit):4.720366600008286
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                              MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                              SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                              SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                              SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: vQDvcLViTy.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: window driver-Receipt.exe, Detection: malicious, Browse
                                                                                              • Filename: , Detection: malicious, Browse
                                                                                              • Filename: setup.exe, Detection: malicious, Browse
                                                                                              • Filename: MDE_File_Sample_d663e3a694c9421bf2b4aede98b6a7a048ba4374.zip, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: 1W9d4MoXPX.exe, Detection: malicious, Browse
                                                                                              • Filename: bZdS2ePa0W.exe, Detection: malicious, Browse
                                                                                              • Filename: bZdS2ePa0W.exe, Detection: malicious, Browse
                                                                                              • Filename: ICT_REPORTX_SETUP.exe, Detection: malicious, Browse
                                                                                              • Filename: , Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                              • Filename: SecuriteInfo.com.Trojan.Siggen18.59138.29444.26902.exe, Detection: malicious, Browse
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\assets\common\browse_icon.png

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:PNG image data, 30 x 23, 8-bit/color RGBA, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):1679
                                                                                              Entropy (8bit):7.127104300428268
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:1G1hBWwh82lYSKwKptsVbnTT3hTyJ3V3KOGTVSPWMd6Cd92AUI1toyWXy81mZCR:1MOvnLR7slTtuJ3YOJWMd6DJtYkR
                                                                                              MD5:9C26F5DD459C12F2F8A28CAFB7447520
                                                                                              SHA1:8E80481D866CCFECB0BE5AF772FA456197F3100E
                                                                                              SHA-256:3156AD4638AB7AE34E17E07A4BFC0E2509690B886506035DC92EF0EA8ADB0847
                                                                                              SHA-512:46343411C69CCBD87DE2DCB18DFC01EC6EACE81CCF0BBA142E12D4901FE9D2C783063F290C49D0E2253D6CCCDE63EFAD5748E3AD8095554FC96410D1D633D43A
                                                                                              Malicious:false
                                                                                              Preview:.PNG........IHDR..............?.j....tEXtSoftware.Adobe ImageReadyq.e<...uiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164460, 2020/05/12-16:04:17 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:924ccc54-ca49-4973-85e7-4f0aef8fb5ce" xmpMM:DocumentID="xmp.did:405429C7FFF911EAABE4F06A353F0EF9" xmpMM:InstanceID="xmp.iid:405429C6FFF911EAABE4F06A353F0EF9" xmp:CreatorTool="Adobe Photoshop 21.2 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:800f93bb-fff5-4b10-a807-9a6ec0d06b2f" stRef:documentID="xmp.did:924ccc54-ca49-4973-85e7-4f0aef8fb5ce"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.V=k.A.~fv.n/.KT...|..H

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\assets\common\check_badge.png

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:PNG image data, 17 x 19, 8-bit/color RGBA, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):1406
                                                                                              Entropy (8bit):6.819433511833457
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:s/G1hBWwh82lYSKwKpxsVb7TT3hTyJ3V3KOGZfY7VH4TD47l0UjaOs1:s/MOvnLRnspTtuJ3YObVHaD4raOs1
                                                                                              MD5:5BB846C7F7965BB689DC678AF686C9BF
                                                                                              SHA1:968EAF0A2C169D8738052CB928607BDCBC664866
                                                                                              SHA-256:DFEDC430D48922DDC24166AF1EF4E2B77112386602CB6BE15686C6A60E0D0F5C
                                                                                              SHA-512:0945322EDF5E0BC89192FD940A867578F69C16400C32F1F94A90AA6220D1206652B92DA78BF2089D95BFD36D613C12BA1D9970856559F851E664BC880B628413
                                                                                              Malicious:false
                                                                                              Preview:.PNG........IHDR.............v.......tEXtSoftware.Adobe ImageReadyq.e<...uiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164460, 2020/05/12-16:04:17 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:924ccc54-ca49-4973-85e7-4f0aef8fb5ce" xmpMM:DocumentID="xmp.did:405429C3FFF911EAABE4F06A353F0EF9" xmpMM:InstanceID="xmp.iid:405429C2FFF911EAABE4F06A353F0EF9" xmp:CreatorTool="Adobe Photoshop 21.2 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:800f93bb-fff5-4b10-a807-9a6ec0d06b2f" stRef:documentID="xmp.did:924ccc54-ca49-4973-85e7-4f0aef8fb5ce"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.8......IDATx...+.Q...c....Bn.k.%..V

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\assets\common\closex.svg

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                              Category:dropped
                                                                                              Size (bytes):1075
                                                                                              Entropy (8bit):5.189827252951011
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:2dVAhLfEWkj5ry5oGFrodfE6jJSDS8utRJP0hE3X0:cVApfEFj1spFrSESADSDRqG3X0
                                                                                              MD5:D181C9D9709E5029220B246CB4007327
                                                                                              SHA1:0805408095500984B6BE4DEED4A49F2B9C2DCFD1
                                                                                              SHA-256:7E86D106332D3AB2B0872D3015A7AC4AEF29E6A7B73B07E2CE6823C5C843A1FE
                                                                                              SHA-512:82DC7AE1E32C513E4811F2857871BB925046DB5565B4055AC7AEBCF91E5E428407B13220CEF68FBE47A8A1EB3BA21A2BA0DBD7B1E47D8EF9F4B3CBD0A8A897C4
                                                                                              Malicious:false
                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 25.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id="Layer_4" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 111.2 111.2" style="enable-background:new 0 0 111.2 111.2;" xml:space="preserve">..<style type="text/css">....st0{fill:#FFFFFF;}..</style>..<path class="st0" d="M55.6,111.2C24.9,111.2,0,86.3,0,55.6S24.9,0,55.6,0s55.6,24.9,55.6,55.6c0,0,0,0,0,0...C111.2,86.3,86.3,111.2,55.6,111.2z M55.6,8.6c-26,0-47.1,21-47.1,47s21,47.1,47,47.1c26,0,47.1-21,47.1-47c0,0,0,0,0-0.1...C102.6,29.7,81.6,8.6,55.6,8.6z"/>..<path class="st0" d="M43.8,71.7c-2.4,0-4.3-1.9-4.2-4.3c0-1.1,0.5-2.2,1.2-3l23.5-23.5c1.5-1.8,4.2-2.1,6-0.6c1.8,1.5,2.1,4.2,0.6,6...c-0.2,0.2-0.4,0.4-0.6,0.6L46.9,70.4C46.1,71.2,45,71.7,43.8,71.7z"/>..<path class="st0" d="M67.4,71.7c-1.1,0-2.2-0.5-3-1.3L40.8,46.9c-1.4-1.9-1.1-4.6,0.8-6c1.5-1.2,3.7-1.2,5.2,0l23.6,23.5...c

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\assets\common\green-check.png

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:PNG image data, 50 x 57, 8-bit/color RGBA, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):986
                                                                                              Entropy (8bit):7.721806197786618
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:Pr1sS/SsL5XCo/hYQe/t4DVXY9lGLjRYn1jvFb1vE+JFTUd1Sh:z1t9L5S8CQ2OC9lGLjQ1jleFng
                                                                                              MD5:7F05D0A50CD14E33215C6AB3DE84FA9F
                                                                                              SHA1:5574D4D783636A2E6DBFA8242F333F231B2ADDB2
                                                                                              SHA-256:DE3168CAA9EE5026EBD96DA1F665A4C98762F29A53AEB480E107FB9DE7B342E8
                                                                                              SHA-512:64F695C3D1663EFDD99C30BED5FDA589790AE1E41D90E2EA7293B80066466B3D9CB46EC270277EC63ADF11D27F53947F63D39312A7C5071663326FB0A348518E
                                                                                              Malicious:false
                                                                                              Preview:.PNG........IHDR...2...9.....t.xr....tEXtSoftware.Adobe ImageReadyq.e<...|IDATx...q.0.....P.SA.....\RA.... q..+...T R..\...tp.Z...7....9.c@...Z ....hg"i.>c.'.mZ.?.`....!.}.~.z.0p.0..'... $.3......*............y.......Y2(j.BR>.o.$C..Z..."A.T.AD.f...j..=..7N.a.>1.e}.."l..}.....^..;......~X.O."l.....M.....A.E.S"...uW.G.R.nq.9.N.....~[..I..8.... .......].V.._A...+.l..mz. .J..4.t{.C.9.5..W+.&...X.P...2...d.y...I....%.|s-:J...Yk.5GH!..9.P&<Sr.F...b.9.V.#..1......=.KK~.d...R....u@..._....D......Hi..P... ..w1.!V"1...-b..eJ.|9.I..D.RY.`B...H.A.c.._....A.\.....G9i..t0/=@$.1H3.{q...^..VZ}.L.r:....).0....t.Il.*..`hc.0WB9.7.v....h....V5J.e...^^$.<V+..z3n...1A\]K....sP...,$............b0......)...n.!C..{.m...^.'.[U.~A.+....n[..~Q.(/.rx...D...%....2.n.....SX..5.0...:.9Q..q+RyB.(........B.5..w>_.<..3o...^a..k...0....7.m}d.".L...@.$..A../y..J..6&.....I......y...:].r{V..E..S........g........~"...T?.z.*..r2......C.}..@....X...._....zum.s.....IEND.B`.

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\assets\common\greenprogress.gif

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:GIF image data, version 89a, 256 x 40
                                                                                              Category:dropped
                                                                                              Size (bytes):48826
                                                                                              Entropy (8bit):7.97104222446873
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:JnenzAD9YORZj+dWnHdB/2tHom9uyYVoJPONRP5gZdehLNhzvgeqqKK16tAN1oYn:ZkzARYOfj+k9B/jm9+VopC5gZd2hLge5
                                                                                              MD5:CB84E51D64C4D8F5C25D1563BC83C49A
                                                                                              SHA1:DAB485EB103DD8810CBBB39F87245B3DB7945308
                                                                                              SHA-256:D916A57D1601286604BF570FA5F88E5A257026EDE1A41F5D305AF24B6315CE05
                                                                                              SHA-512:2120EFF7FBF22BC108DE651BEAAF95CB34FD19E66F940C28B2484ACDF13DCC6F38093C7F20F2C34AF02D5B7E6BEC7F4826FD067A995F1A64CB93D850C31780A4
                                                                                              Malicious:false
                                                                                              Preview:GIF89a..(......,4.<,.4<.D$.,<.D4.<,.4$.,4.D,.<$.4>.F.........!..NETSCAPE2.0.....!.......,......(....P.%..8....'..g.e..k.^'<.TM.v..z..@.0H..*..p.T:.........6..z...xL......^.....k....|.N..[|.d....lt.Z.`.Wa.........Y...tu........~Y....w.....................S.......i......................................b..........I.P.>}..)L...=..y.P...Cdf....@....7.....Em.CzT.r...UNfK...H.6K6...f..C.<&...xa8.A.T..3..E..S..".7..T.YC..[...x.d&.....p.. ...F.x.Y..q.]..0.d.......a..."5.....f...3g.a..<...c..%......._kl..........1b....>\.......-n...]2........^..7...hO........<.u.....cZ...P?.W.h...#.|....hX...f..._w..g...V..b..S....S..S.x..$.hb.s...O.}8E...(#z4.w...M."..Nq.'........G.h.y7n..1U|..e0V..%....^t....\.Y.V.I..a..Ypv&...%_C..&.a"b.o..f...E$6. .....]T(. .0OC].Y..$...9h=.""....#~_........l.i.b.x....:Ef...k.W.i...j ..*j.<...l...C...y.U..B......g.......}...........(\......p@..N.m...1.n.zQ.......1.....S.....\p....].%@...K.w..j..wD...(.........DiEpO$.r.u

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\assets\easyprint\128.png

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):3083
                                                                                              Entropy (8bit):7.885579437416813
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:wgVQcMoWcaoyBf9DcixIt2l++ya9V5vVVYLs7occC4Bj6bkxhVyzluwzeyUfFV+A:wgVQ9opaxM9aHigcC4BOAxhVcuQeNGo
                                                                                              MD5:15F5E39722AA04C14707D98F2F466F46
                                                                                              SHA1:E75968339BFBC9B5319BD5E62832B5474B7964C8
                                                                                              SHA-256:ED562B1C683CC7A6C67FE842695FFF639207753858C087EBC1053DC8EFFE0080
                                                                                              SHA-512:F861DE2861987B8A69B1EB71AA5348B228780644AAAF3603F820771ACB7773415FB6C16CB0DC3E6A0C1DB36D7D9560652B4D0C0227D3A326DF005BF1818743B3
                                                                                              Malicious:false
                                                                                              Preview:.PNG........IHDR..............>a.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..]}L[..?~.(....4U...I(...-m.#....dkc.%R.F1tR.m.0..i...i.H'u.e@.v.d..IY.V...DU;.j.J[W.)..`...B...3<....}..'....}..w...s.}....p/<....y..7@..6.N..p....*N.e..Q......X...j.=.3.......Q. QB.. .y..S#...>=.h$......iG.....!.N.Q^0..@..ic.......>LGz.u......6H.......u..W.M&......".....|...>.3....{x.J...m#.d...m.E.,b|4..t....@u{....'..^....I."?......E..v..H.}.}...$..+..n.[.L0>..'.`|.!H..j .l|4:J~@.[.......F...A...6@}...@..$$....y.$.)...P...K....._.K....H....#.'.X00&....7..l......6.......5.$........C.....%A.:..8.'|...a.|...........)....p...Lz.=....u%...r...h..d|.G.Xn.w.I*.......j(u.....Z..x.W...g.w....m^.juI..^....}..K.#..~_@.N."...K....n.W.D...l....Y...^....?d......3g.me.]...^.......h|t..|.`....].../..P.L...-=....o.5.O.e..~.>0.[.ez~..z..Hg..f...?...../..../.M.?.....e...r.{.SM@(...8...gj+dvZ1Q...<.......V.I.~w.............U.1...........s......).!o..0.'...xf.BH)....y.W......'.....

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\assets\easyprint\400x80-white.png

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:PNG image data, 400 x 80, 8-bit/color RGBA, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):5188
                                                                                              Entropy (8bit):7.945670032310185
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:qPjszEh9Hn5cJwVWiPdzuMwF7bbtd/dAnsewhNgGHJsIQt+Bm3BzWx:qPjThF+wVWilzAVd1An0gGpsIQt+Bm5C
                                                                                              MD5:38792C564259271C605D0ADBD262ACBC
                                                                                              SHA1:B1566AFA3169EB0F243056E6896E6445FEDB9C44
                                                                                              SHA-256:12552D5DAB9C884F8881F65494369B150FB3484358677FFB35632EF0F420C9D8
                                                                                              SHA-512:15AC6C950AF00B4EBAF9E4DB24216282723099E0DE79111AFB211A16370CBE84EB373A713DBF2A1411304C8C39CE961357F1C9B03F47567FA4DD4BAF45B996E1
                                                                                              Malicious:false
                                                                                              Preview:.PNG........IHDR.......P.....7 #.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..]}.\U.?..R.B;EL..}...$0.&.M...D..v...I...h"..h....?H"....#..(...;.....4..1tJ............).3s_w...;..../y.;..{..{~...q....@ ..... ,t.....Lcf1....>u...WG...P..J...,....;.....U..,.K......b>..B._S....4.&....|3EY.O...."...:....g.T$R.ii..._..Y..&..{...DM.......H%-.q....S.L..b\....EB....9XR.RN.yXz..#.\.\f..).)..DM ..6.].OWu.9.I._.4.r..D .3,} ..Q..spR.I1...#~.W^....8..@.?...#y.B^..Lf.Q..,.....S.H..a.........R. T.Y&.9...!P@............Q.k.#.q.......RU...J.."........\LI$.P.c.6..@f.G..T.G......FE...PIdV.8Y....S..3<}y...H..8...G.G..Q.F...`.J7....&.M.......?.2....$.$..x.G%6"......G...L.{.M.y'.......$1.T[.U$2 s[ ..C1.B....SN!........@f.1]v*..:...e.Q...2...Y+^...].z.z.9>......:.....w.......,"q..r.........A{..7x.t@...aaFV.......bL...bf....p.....,g..,2Ak..#(..e....<.....2....}.......F.;w...{.v......*.i.....)..uF.z*...u?.ym..A6n.u.NO..{..?Q.%..`.H.=..A....G.O..rW.c...b<.rz.....@/mA......

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\assets\easyprint\400x80.png

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:PNG image data, 400 x 80, 8-bit/color RGBA, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):5193
                                                                                              Entropy (8bit):7.949183195295671
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:qcY9gfZ1HUnZJHabWzggZiN23H9cgnXitQz7B38ferE3znL4vajJWz:qri1Un3qUiN5Qzl3dQjL48JWz
                                                                                              MD5:0CF441CBD25A70159B351EFEC0157368
                                                                                              SHA1:848CDDDF48565EE90E0D354B0E0242944BBC0116
                                                                                              SHA-256:022A25761055AB80F20845A6B64D9654929AB19BB55ADDCA639E9C0EDA5A76C8
                                                                                              SHA-512:8C7893E95B7219026ED93EB20EDFE47FD6BBBE7A67E6F8E3DB8BA9370D03C146D70E885F9B2EC599EF07CCB9EA6781FD495DAC9902C999ECECE5D623314B4E04
                                                                                              Malicious:false
                                                                                              Preview:.PNG........IHDR.......P.....7 #.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..]kl\...;..$.l..(.rS....6j..VQ..J+Q.F.*....U+....*.*...TZ.....k.H4.{....j}M.&B.. ..*(..D.)....,=.{n..w....c>..I|..;g..3s......@ ....AP........|V...nu..+.UG..Z_.....L.....Y...?.S..g..#_...I.07m2..<...\.,. .P2....)JJ~.`.....a4.-.[."..HKsdB.p.f...0..-...U%..S[.."..(...1..a....:\.*...1X.c..H....0.8kE..*.L.oS$R.q..@j..O..9..j.O..~.I.....@.e..@2.H...".B..4K<.K>.Rt.D.yu .B..<.!.?.)E&....g.......E$3.0".....y=.%..@..c....( 3.Df.H....c..D..8...\....jSU.!.F+A.+.1..~......*^.D.b..I....oE..;.....@..6U.E...S[."B.A.$2..V..x....t^......@..?...G.W..1u.2...@`DJ7....$.M.......7.25...$.8.....$6"..........'.;x......|.....1.T..U$.'c[ .....B....S.BB3)....3C.].}j..e....8.u.<:.....%G]....).....k..a..A"E..L..v.....EOu%.=^..9.L.c.U.,w...S$2$.B h.]......rf .L.TFV...pJ>.N/o.l.kj~0a.aaP...............b.....n\....o.m..^...........6.U.[I....@y"........c.4.g6..U...z..US..-..'*........'b2.a.....6X.

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\assets\easyprint\background.jpg

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 640x480, components 3
                                                                                              Category:dropped
                                                                                              Size (bytes):95762
                                                                                              Entropy (8bit):7.9714077444170846
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:rBLEhF6ZDvibbgCqUH72uoO40wDH9TRujDFtIgvALH4XQdme8wpxbPJhdXRqwLob:rBL2QZDKb5zqFO4zxRSD/IZ4kXbrdXox
                                                                                              MD5:23C6C1E5A9A66FE67DC40F176D53FBBC
                                                                                              SHA1:FD75E3573D6D9AA1EDBA9CB21BD0AA8429FAA5F2
                                                                                              SHA-256:9635C8374DA740A7E57E18F7FF88A306198E2BFF109F0514F3E3E68428187D89
                                                                                              SHA-512:804ACD5325387BC0F8DD9CA0D2F5662497D31535CD1F4DC2B7F7A97B22B1A4383057D51D42F5522DB096E63BAD49AA804F9129D13DE1ADD60D2D04D716B4E0C1
                                                                                              Malicious:false
                                                                                              Preview:......Exif..II*.................Ducky.......d......Adobe.d...............................................................................................................................................................................................................................................!1..A.Qaq".......2...B#..R..br..3CS$.....c.4D%s..T.5....&..dt.Eu6F......................!1...AQaq...."2.....BR#...3br....CS$.4c%.DT............?...Z....@....E.D...........J.}..<.z.}D.....~...7%....Zjwb._.%..ITT......{..UW...,.~.]....H.#...Sm...8.......l.2@......EZ..aC.ye;...=.C.ZXI'...P......f.?.O.......j..(t.(.R.Rr.0.5`....(.P...@........(.P...T.......d.........%..ii......W62...5.I@P.g3..q.X.Zw#....w.K....;..8&*q^%k.S.=+.."..vM......i.t.{C...F.N.T..@xW...nR.u...:..uJIhX..>O.t..6...K..=.n.c#[...+.5.}.gu...m.....F........>..=.^........(.P...=.f.[C...x...n..;...Yy.PO.q?#8...r..O8.h..;.<OG..0.n.&...N...dh.OI..Y.Hbv9..w.....2...r.r....I..^.r."..~...@i...i1:.?.~.AYfT.N./}..8

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\css\baseline-compliant.css

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):5748
                                                                                              Entropy (8bit):4.968175367246631
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:aFcA/LF6N9U++GGiJb2wsDrUBc1gM29t2T7CkeID09JT30dg79ZWHT2+1k:/809U+jde7CC8JFAi+q
                                                                                              MD5:DEF27E111C70FB69C1C25FB08E8198AC
                                                                                              SHA1:EC75AD3C571F545593A1D564AA2E74800DF1BF5E
                                                                                              SHA-256:058C559EE60A712F5BBAB3A83ECB64411E316DCFEE4CCCB142FEC67A6BB799E9
                                                                                              SHA-512:70058FF877C25606A8D5919A51B3EEE6F0267A3CC0B63ACB82858F0CD12C2F7D81066D0C8277E0E37D94F7835ADF83D7465D852C2F0B9C3AAB3858EA251D4A2E
                                                                                              Malicious:false
                                                                                              Preview:*{.. font-family: 'abc', sans-serif;..}..html {.. -ms-transform-origin: 0 0;..}..html, body {.. padding: 0px;.. margin: 0px;.. overflow:hidden;.. user-select: none;.. -ms-user-select: none;.. width: 640px;.. height: 480px;.. font-size:13px;..}..h1 {.. font-size: 18px;..}..img {.. -ms-user-drag: none;.. user-drag: none;..}..#root {.. display:block;.. padding:20px 30px ;.. border: 2px solid #E6E6E6;.. position:relative;..}...light {..}..a.complianceLink {.. color: #333;..}..a.complianceLink:hover {.. text-decoration: underline;..}..div.header{.. height: 15px;.. position: relative;.. display: grid;.. grid-template-columns: auto auto;.. justify-content: start;.. align-content: center;.. gap: 5px;.. align-items: center;..}..div.brand-logo,img.brand-logo {.. width: 225px;.. margin-left: -5px;..}..div.headlines {.. position: absolute;.. top: 35px;.. right: 0px;.. text-align: right;.. color: #333;..}..div.presents {.. display: inline-block;.. color: #333;..

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\css\baseline.css

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):4479
                                                                                              Entropy (8bit):4.83386709685082
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:SGL0Pr5xBNnOB3UeYlb8iW3hSX0jkIXKZmXMU:N29cB3UeYlfWxJaZmXD
                                                                                              MD5:0EDB35FEBD57F2C2B00581F4380015C2
                                                                                              SHA1:FAC253F4EE75EF6C6C4CCC96C6318F32BD0F1302
                                                                                              SHA-256:84CDB3080A989423AA8F06A260C4CBFF98F5FF43DCE6AA9680FBE3237D110B7D
                                                                                              SHA-512:27638C3D4B8135FD33AC6D6DA6930C8515C17CFD21CA33B3B8A60A83DAA7C32ECF9A05D62291D1DE9C29C10AE570557AB8239AB60B43CB18F0BB94290F59FDD4
                                                                                              Malicious:false
                                                                                              Preview:*{...font-family: 'abc', sans-serif;..}..html {..-ms-transform-origin: 0 0;..}..html, body{...padding: 0px;...margin: 0px;.. overflow:hidden;.. user-select: none;.. -ms-user-select: none;.. width: 640px;.. height: 480px;.. font-size:13px;..}..h1 {.. font-size: 18px;..}....img {.. -ms-user-drag: none;.. user-drag: none;..}..#root {.. display:block;.. padding:20px 30px ;....}..div.header{.. height: 60px;.. position:relative;.. color:white;.. margin-bottom: 25px;...display: inline-block;.. width: 100%;.. align-items: center;.. justify-content: space-between;..}..div.brand-logo,img.brand-logo {..}....div.headlines {.. position: absolute;.. top: 35px;.. right: 0px;.. text-align: right;..}....div.headlines .title {.. display:inline-block;..padding-bottom:4px;..}...headlines .subtitle strong{.. display:inline-block;.. padding-top:4px;..}...headlines .subtitle img{.. vertical-align:middle;..}.....pane {.. box-sizing

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\css\baselinenew.css

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):5665
                                                                                              Entropy (8bit):4.939124837126174
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:/SGLSAZs5DJdKF709kw5v/rTDNOB3UJS9bBGb8iW3hSX0jkIXcrMMU:/NSigDK1wvYB3UJS9bB6fWxJSMD
                                                                                              MD5:0A794F911F71DD5B3B545175D1B3DFA9
                                                                                              SHA1:BB2336E64D91F8497D1FEB3B1EF68FB4C1719322
                                                                                              SHA-256:3080B9F15BAE9689510EACBBB67D481399372CB0A59F44F08C94F6835BFD2BA3
                                                                                              SHA-512:FA016A6935256869441EE8499748E79F2CF60BC03A12D4F00F848E4F76A53D23F933A1774645358C0FE8A4FB03B64148C3C1D8D504CC5A446A15E834C1A8FCA1
                                                                                              Malicious:false
                                                                                              Preview:*{...font-family: 'abc', sans-serif;..}..html {..-ms-transform-origin: 0 0;..}..html, body {...padding: 0px;...margin: 0px;.. overflow:hidden;.. user-select: none;.. -ms-user-select: none;.. width: 640px;.. height: 480px;.. font-size:13px;..}..h1 {.. font-size: 18px;..}....img {.. -ms-user-drag: none;.. user-drag: none;..}..#root {.. display:block;.. padding:20px 30px ;....border: 2px solid #E6E6E6;.. position:relative;..}.....light {....}....a.complianceLink {...color: #333;......}....a.complianceLink:hover {...text-decoration: underline;..}....div.header{...height: 15px;...position: relative;...display: grid;...grid-template-columns: auto auto;...justify-content: start;...align-content: center;...gap: 5px;...align-items: center;..}..div.brand-logo,img.brand-logo {...width: 225px;...margin-left: -5px;......}....div.headlines {.. position: absolute;.. top: 35px;.. right: 0px;.. text-align: right;....color: #333;..}....div.presents {...displ

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\css\easyprint.css

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):267
                                                                                              Entropy (8bit):5.064405580689769
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:ihXuLXxHwTTlFk9PvFhRHdsYb6KftNk87Dlje:GXuLBHGK99/dsv87Dlq
                                                                                              MD5:3EDA71BD1F41D2D550850D0802BAE02A
                                                                                              SHA1:3D9DE9093531D75507DC29E36DC6C5BDA4E0EFD4
                                                                                              SHA-256:B21375577549D95AFD7C3D590BE7621376556EA421A0946B322FC2B8D4685D20
                                                                                              SHA-512:FD9F76EA25E0A2792931D172C09F67D1A30C198080DE96D1AD1674CA53DDB08B282AB30697D0592C109F862C5D5C00D44DCB8E73BA0A173359EB3E6723F3F291
                                                                                              Malicious:false
                                                                                              Preview:#root {.. background: transparent url('../assets/easyprint/background.jpg') no-repeat fixed;.. background-color: #303030;.. box-sizing: border-box;.. width:100%;.. height:100%;..}....#root.splash {.. background:#e4f5ff;..}....img.brand-logo {.. width: 250px;..}..

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\index-easyprint.html

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):4790
                                                                                              Entropy (8bit):4.67092194993931
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:1kCdE4NdNJSbVoZNlGkgkeEAZ4pmesTMGyboK+C522uOmU5d:lMGNwyXWm
                                                                                              MD5:D900F14F6066A76086F99891E5DE738B
                                                                                              SHA1:FB3E0A5DF989C132615F09D8C86477A07F9A1B3E
                                                                                              SHA-256:08E75D327C6B6E7C99BC30707BBD939CDDC001EA98CD660EFF216A78B47AAC1A
                                                                                              SHA-512:BEF4809E8785E062BFB693B0C8DE21CEB212896E99A5B4D511317FAAC6DB442AA43BC0895AC8B3BFC1DEECE0684AC1C01BEA3B120F92ADF6E41C74100477ED53
                                                                                              Malicious:false
                                                                                              Preview:<!DOCTYPE html>..<html>.. <head>.. <title>Installer</title>.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <link rel="stylesheet" href="css/baseline.css">.. <link rel="stylesheet" href="css/easyprint.css">.. <script src="js/knockout.js"></script>.. <script src="js/installer.js"></script>.. </head>.. <body>.. <div id="root" data-bind="event:{.. mousedown:rootMouseDown,.. keydown:rootKeyDown.. }">.. <div class="header">.. <img class="brand-logo" src="assets/easyprint/400x80-white.png" />.. <div class="headlines">.. <div class="title">Easy Print by Clear Installer</div>.. <div class="subtitle"><img src="assets/common/check_badge.png" />.. <strong>Safe to Install</strong></div>.. </div>.. </div>.. <div class="pane no-drag inactive" data-bind="event: {.. mousedown:cancelEvent },css:{inactive:false}">.. <div class="steps-line">.. ko if: hasSteps -->..

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\js\installer.js

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):13378
                                                                                              Entropy (8bit):4.929821496987544
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:RVAXXDbKE/G/gKUeTIuaI54kSkzRtWbpdU:RVYuVnouaAVrWvU
                                                                                              MD5:3246B9289398E5D3668129FD1F6AA5BE
                                                                                              SHA1:B4ED4C02A2A83D7AB8DAFA62F77BFC990D8924B0
                                                                                              SHA-256:21338F7A6C7200113E6D2CB19577D223BD9886096AD27E91B7749036247DD117
                                                                                              SHA-512:75B2F6FFFBFA116DF001C0F594BA82A814ADBAF5707A875AD12AF9E35DA2C9F3397788FC267BC67CB9930DC13F247A5BEC52EBFC1C48AAFD8D50F177BFBF56D6
                                                                                              Malicious:false
                                                                                              Preview:if(window.location.hash.indexOf("develop=1")>-1){.. var lastMove = new Date().getTime();.. var checkMs = 10000;.. var idleMs = 10000;.. (function(){.. function checkActive() {.. var delta = new Date().getTime() - lastMove;.. if(document.visibilityState =='hidden') {.. window.setTimeout(checkActive,checkMs*10);.. return;.. }.. if (delta < idleMs) {.. window.setTimeout(checkActive,checkMs);.. return;.. }.. console.log("Reloading Due to Idle");.. window.location.reload();.. }.. window.setTimeout(checkActive,checkMs);.. document.addEventListener("mousemove",function(){.. lastMove = new Date().getTime();.. });.... })();.. //In Develop Mode we will fake the installation portion .. function FireEvent(cmd,a1,a2){.. switch(cmd){.. case "OnNext": .. window.setTi

                                                                                              C:\Users\user\AppData\Local\Temp\is-Q028I.tmp\html\js\knockout.js

                                                                                              Download File
                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              File Type:ASCII text, with very long lines (597), with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):68388
                                                                                              Entropy (8bit):5.378476646259453
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:XbVH9FzKSHwWJJvBl8fPGf2yrtTJGj9XF0LufvsboR1UYVjry:zF77/09h+YVny
                                                                                              MD5:052E3CBD4009F65055D36541CE9CC91D
                                                                                              SHA1:9DC0A7035AFD04236B673389833B6C56AFFD64E2
                                                                                              SHA-256:7EB9DAB1C04D4ABCE6749AD9D94DDD0690E3C99C6890F979F07EFE4775EE1EAB
                                                                                              SHA-512:5260EF11BA932C309C615CAAD7BB063F0A6D1D15376145AB1078C60A9DCA375B2BAF50BC741D31BD01C9B26C857F57EEB3266AE6ECF5E5A6C308E6C2C4739811
                                                                                              Malicious:false
                                                                                              Preview:/*!.. * Knockout JavaScript library v3.5.1.. * (c) The Knockout.js team - http://knockoutjs.com/.. * License: MIT (http://www.opensource.org/licenses/mit-license.php).. */....(function() {(function(n){var A=this||(0,eval)("this"),w=A.document,R=A.navigator,v=A.jQuery,H=A.JSON;v||"undefined"===typeof jQuery||(v=jQuery);(function(n){"function"===typeof define&&define.amd?define(["exports","require"],n):"object"===typeof exports&&"object"===typeof module?n(module.exports||exports):n(A.ko={})})(function(S,T){function K(a,c){return null===a||typeof a in W?a===c:!1}function X(b,c){var d;return function(){d||(d=a.a.setTimeout(function(){d=n;b()},c))}}function Y(b,c){var d;return function(){clearTimeout(d);..d=a.a.setTimeout(b,c)}}function Z(a,c){c&&"change"!==c?"beforeChange"===c?this.pc(a):this.gb(a,c):this.qc(a)}function aa(a,c){null!==c&&c.s&&c.s()}function ba(a,c){var d=this.qd,e=d[r];e.ra||(this.Qb&&this.mb[c]?(d.uc(c,a,this.mb[c]),this.mb[c]=null,--this.Qb):e.I[c]||d.uc(c,a,e.J?{da:a}:d

                                                                                              Static File Info

                                                                                              General

                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                              Entropy (8bit):7.999416559350992
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) a (10002005/4) 98.45%
                                                                                              • Inno Setup installer (109748/4) 1.08%
                                                                                              • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                              File name:Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
                                                                                              File size:91354864
                                                                                              MD5:0f14001e7b7c9a24c46296e25074b39a
                                                                                              SHA1:b10d1a303d0e9f481fd9bb675122c0dcd24f33d9
                                                                                              SHA256:3a3883dcdca19be0d1132e943682aece990494ce58e40d679b2a0b9cde481eff
                                                                                              SHA512:7ecd5aa169c3bc17f74b49951e201cf14cf115994b1e763cc02cf71080929696807bde45c583c355a41670a0a977a3078b251a1a783e6a5a3e458f49131119f1
                                                                                              SSDEEP:1572864:Dl7/l8tMEFBMv19JNKgUkoMm+q5s0fpbVMsINs03/OpZUuSASFe4bt6l4xnqKsm6:Dl7/zEcv19Jd/Dq5soVM5a0POpquSzFE
                                                                                              TLSH:EA18336E7220357CD16A197645B7E720D5B7BB72A0AACC0E83F1101ECF366218FBB516
                                                                                              File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                              File Icon

                                                                                              Icon Hash:31e0d0c0d0c0e030

                                                                                              Static PE Info

                                                                                              General

                                                                                              Entrypoint:0x4b5eec
                                                                                              Entrypoint Section:.itext
                                                                                              Digitally signed:true
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0x6258476F [Thu Apr 14 16:10:23 2022 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:6
                                                                                              OS Version Minor:1
                                                                                              File Version Major:6
                                                                                              File Version Minor:1
                                                                                              Subsystem Version Major:6
                                                                                              Subsystem Version Minor:1
                                                                                              Import Hash:e569e6f445d32ba23766ad67d1e3787f

                                                                                              Authenticode Signature

                                                                                              Signature Valid:true
                                                                                              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                              Signature Validation Error:The operation completed successfully
                                                                                              Error Number:0
                                                                                              Not Before, Not After
                                                                                              • 3/17/2022 5:00:00 PM 3/22/2023 4:59:59 PM
                                                                                              Subject Chain
                                                                                              • CN="Tightrope Interactive, Inc.", O="Tightrope Interactive, Inc.", L=San Francisco, S=California, C=US
                                                                                              Version:3
                                                                                              Thumbprint MD5:C7AEA2AB5B6946FA378994299917AA53
                                                                                              Thumbprint SHA-1:4C6C207DCFA5A3FBC336F8356F951765EB058F05
                                                                                              Thumbprint SHA-256:5C8949BF3342C342CF080CF2D4D52C08565754B107E3D254E241AFF02A122BF4
                                                                                              Serial:030601E126B12C53A43E36369308C459
                                                                                              Instruction
                                                                                              push ebp
                                                                                              mov ebp, esp
                                                                                              add esp, FFFFFFA4h
                                                                                              push ebx
                                                                                              push esi
                                                                                              push edi
                                                                                              xor eax, eax
                                                                                              mov dword ptr [ebp-3Ch], eax
                                                                                              mov dword ptr [ebp-40h], eax
                                                                                              mov dword ptr [ebp-5Ch], eax
                                                                                              mov dword ptr [ebp-30h], eax
                                                                                              mov dword ptr [ebp-38h], eax
                                                                                              mov dword ptr [ebp-34h], eax
                                                                                              mov dword ptr [ebp-2Ch], eax
                                                                                              mov dword ptr [ebp-28h], eax
                                                                                              mov dword ptr [ebp-14h], eax
                                                                                              mov eax, 004B14B8h
                                                                                              call 00007F45C48DBF85h
                                                                                              xor eax, eax
                                                                                              push ebp
                                                                                              push 004B65E2h
                                                                                              push dword ptr fs:[eax]
                                                                                              mov dword ptr fs:[eax], esp
                                                                                              xor edx, edx
                                                                                              push ebp
                                                                                              push 004B659Eh
                                                                                              push dword ptr fs:[edx]
                                                                                              mov dword ptr fs:[edx], esp
                                                                                              mov eax, dword ptr [004BE634h]
                                                                                              call 00007F45C497EA77h
                                                                                              call 00007F45C497E5CAh
                                                                                              lea edx, dword ptr [ebp-14h]
                                                                                              xor eax, eax
                                                                                              call 00007F45C48F1A24h
                                                                                              mov edx, dword ptr [ebp-14h]
                                                                                              mov eax, 004C1D84h
                                                                                              call 00007F45C48D6B77h
                                                                                              push 00000002h
                                                                                              push 00000000h
                                                                                              push 00000001h
                                                                                              mov ecx, dword ptr [004C1D84h]
                                                                                              mov dl, 01h
                                                                                              mov eax, dword ptr [004238ECh]
                                                                                              call 00007F45C48F2BA7h
                                                                                              mov dword ptr [004C1D88h], eax
                                                                                              xor edx, edx
                                                                                              push ebp
                                                                                              push 004B654Ah
                                                                                              push dword ptr fs:[edx]
                                                                                              mov dword ptr fs:[edx], esp
                                                                                              call 00007F45C497EAFFh
                                                                                              mov dword ptr [004C1D90h], eax
                                                                                              mov eax, dword ptr [004C1D90h]
                                                                                              cmp dword ptr [eax+0Ch], 01h
                                                                                              jne 00007F45C4984D1Ah
                                                                                              mov eax, dword ptr [004C1D90h]
                                                                                              mov edx, 00000028h
                                                                                              call 00007F45C48F349Ch
                                                                                              mov edx, dword ptr [004C1D90h]
                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xfdc.idata
                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000xa9a0.rsrc
                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x571cd980x2958
                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0xc22f40x254.idata
                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                              Sections

                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                              .text0x10000xb39e40xb3a00False0.34525867693110646data6.357635049994181IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                              .itext0xb50000x16880x1800False0.54443359375data5.971425428435973IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                              .data0xb70000x37a40x3800False0.36097935267857145data5.048648594372454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                              .bss0xbb0000x6de80x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                              .idata0xc20000xfdc0x1000False0.3798828125data5.029087481102678IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                              .didata0xc30000x1a40x200False0.345703125data2.7509822285969876IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                              .edata0xc40000x9a0x200False0.2578125data1.877162954504408IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                              .tls0xc50000x180x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                              .rdata0xc60000x5d0x200False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                              .rsrc0xc70000xa9a00xaa00False0.5391084558823529data5.937795427418201IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                              NameRVASizeTypeLanguageCountry
                                                                                              RT_ICON0xc74f80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024EnglishUnited States
                                                                                              RT_ICON0xc79600x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304EnglishUnited States
                                                                                              RT_ICON0xc82e80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096EnglishUnited States
                                                                                              RT_ICON0xc93900x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216EnglishUnited States
                                                                                              RT_ICON0xcb9380x30c8PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                              RT_STRING0xcea000x360data
                                                                                              RT_STRING0xced600x260data
                                                                                              RT_STRING0xcefc00x45cdata
                                                                                              RT_STRING0xcf41c0x40cdata
                                                                                              RT_STRING0xcf8280x2d4data
                                                                                              RT_STRING0xcfafc0xb8data
                                                                                              RT_STRING0xcfbb40x9cdata
                                                                                              RT_STRING0xcfc500x374data
                                                                                              RT_STRING0xcffc40x398data
                                                                                              RT_STRING0xd035c0x368data
                                                                                              RT_STRING0xd06c40x2a4data
                                                                                              RT_RCDATA0xd09680x10data
                                                                                              RT_RCDATA0xd09780x2c4data
                                                                                              RT_RCDATA0xd0c3c0x2cdata
                                                                                              RT_GROUP_ICON0xd0c680x4cdataEnglishUnited States
                                                                                              RT_VERSION0xd0cb40x584dataEnglishUnited States
                                                                                              RT_MANIFEST0xd12380x765XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States
                                                                                              DLLImport
                                                                                              kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                                                                              comctl32.dllInitCommonControls
                                                                                              version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                                              user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                                                                              oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                                                                              netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                                                                                              advapi32.dllConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
                                                                                              NameOrdinalAddress
                                                                                              TMethodImplementationIntercept30x4541a8
                                                                                              __dbk_fcall_wrapper20x40d0a0
                                                                                              dbkFCallWrapperAddr10x4be63c

                                                                                              Possible Origin

                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                              EnglishUnited States

                                                                                              Network Behavior

                                                                                              Download Network PCAP: filteredfull

                                                                                              Network Port Distribution

                                                                                              • Total Packets: 11
                                                                                              • 443 (HTTPS)
                                                                                              • 53 (DNS)
                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Dec 8, 2022 21:31:51.842259884 CET49698443192.168.2.33.214.36.77
                                                                                              Dec 8, 2022 21:31:51.842315912 CET443496983.214.36.77192.168.2.3
                                                                                              Dec 8, 2022 21:31:51.842439890 CET49698443192.168.2.33.214.36.77
                                                                                              Dec 8, 2022 21:31:51.935818911 CET49698443192.168.2.33.214.36.77
                                                                                              Dec 8, 2022 21:31:51.935875893 CET443496983.214.36.77192.168.2.3
                                                                                              Dec 8, 2022 21:31:52.339371920 CET443496983.214.36.77192.168.2.3
                                                                                              Dec 8, 2022 21:31:52.339624882 CET49698443192.168.2.33.214.36.77
                                                                                              Dec 8, 2022 21:31:52.385598898 CET49698443192.168.2.33.214.36.77
                                                                                              Dec 8, 2022 21:31:52.385652065 CET443496983.214.36.77192.168.2.3
                                                                                              Dec 8, 2022 21:31:52.386152029 CET443496983.214.36.77192.168.2.3
                                                                                              Dec 8, 2022 21:31:52.562119007 CET49698443192.168.2.33.214.36.77
                                                                                              Dec 8, 2022 21:31:52.730663061 CET49698443192.168.2.33.214.36.77
                                                                                              Dec 8, 2022 21:31:52.730686903 CET443496983.214.36.77192.168.2.3
                                                                                              Dec 8, 2022 21:31:52.848001003 CET443496983.214.36.77192.168.2.3
                                                                                              Dec 8, 2022 21:31:52.849301100 CET49698443192.168.2.33.214.36.77
                                                                                              Dec 8, 2022 21:31:52.849322081 CET443496983.214.36.77192.168.2.3
                                                                                              Dec 8, 2022 21:31:53.115044117 CET443496983.214.36.77192.168.2.3
                                                                                              Dec 8, 2022 21:31:53.115197897 CET443496983.214.36.77192.168.2.3
                                                                                              Dec 8, 2022 21:31:53.115272999 CET49698443192.168.2.33.214.36.77
                                                                                              Dec 8, 2022 21:31:53.115982056 CET49698443192.168.2.33.214.36.77
                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                              Dec 8, 2022 21:31:51.477472067 CET6270453192.168.2.38.8.8.8
                                                                                              Dec 8, 2022 21:31:51.497706890 CET53627048.8.8.8192.168.2.3

                                                                                              DNS Queries

                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                              Dec 8, 2022 21:31:51.477472067 CET192.168.2.38.8.8.80x863cStandard query (0)0srzroz2i7.execute-api.us-east-1.amazonaws.comA (IP address)IN (0x0001)false

                                                                                              DNS Answers

                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                              Dec 8, 2022 21:31:51.497706890 CET8.8.8.8192.168.2.30x863cNo error (0)0srzroz2i7.execute-api.us-east-1.amazonaws.com3.214.36.77A (IP address)IN (0x0001)false
                                                                                              Dec 8, 2022 21:31:51.497706890 CET8.8.8.8192.168.2.30x863cNo error (0)0srzroz2i7.execute-api.us-east-1.amazonaws.com52.87.131.32A (IP address)IN (0x0001)false

                                                                                              HTTP Request Dependency Graph

                                                                                              • 0srzroz2i7.execute-api.us-east-1.amazonaws.com

                                                                                              HTTPS Proxied Packets

                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                              0192.168.2.3496983.214.36.77443C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              TimestampkBytes transferredDirectionData
                                                                                              2022-12-08 20:31:52 UTC0OUTPOST /api/v1/events?installId=50014048-F3CB-4E84-BB4D121EE644E142 HTTP/1.1
                                                                                              Content-Type: application/json; charset=utf-8
                                                                                              Host: 0srzroz2i7.execute-api.us-east-1.amazonaws.com
                                                                                              Content-Length: 390
                                                                                              Expect: 100-continue
                                                                                              Connection: Keep-Alive
                                                                                              2022-12-08 20:31:52 UTC0INHTTP/1.1 100 Continue
                                                                                              2022-12-08 20:31:52 UTC0OUTData Raw: 7b 22 74 72 61 63 6b 69 6e 67 49 64 22 3a 22 55 41 2d 31 37 39 32 37 39 38 30 38 2d 31 22 2c 22 74 72 61 63 6b 69 6e 67 56 65 72 73 69 6f 6e 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 35 30 30 31 34 30 34 38 2d 46 33 43 42 2d 34 45 38 34 2d 42 42 34 44 31 32 31 45 45 36 34 34 45 31 34 32 22 2c 22 61 70 70 4e 61 6d 65 22 3a 22 43 6c 65 61 72 22 2c 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 31 2e 30 2e 35 2e 36 22 2c 22 62 6c 64 52 65 76 22 3a 22 39 65 35 31 34 63 39 38 31 39 66 61 61 30 62 38 39 64 35 66 66 35 37 33 35 37 61 35 39 65 36 64 37 35 35 32 30 64 34 65 22 2c 22 62 72 61 6e 64 22 3a 22 65 61 73 79 70 72 69 6e 74 5f 43 6c 65 61 72 42 61 72 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 31 2e 30 2e 35 2e 36 22 2c 22 73 69 67 22 3a 22 43 6c 69 66 66
                                                                                              Data Ascii: {"trackingId":"UA-179279808-1","trackingVersion":1,"installId":"50014048-F3CB-4E84-BB4D121EE644E142","appName":"Clear","appVersion":"1.0.5.6","bldRev":"9e514c9819faa0b89d5ff57357a59e6d75520d4e","brand":"easyprint_ClearBar","version":"1.0.5.6","sig":"Cliff
                                                                                              2022-12-08 20:31:53 UTC0INHTTP/1.1 200 OK
                                                                                              Date: Thu, 08 Dec 2022 20:31:53 GMT
                                                                                              Content-Type: application/json; charset=utf-8
                                                                                              Content-Length: 752
                                                                                              Connection: close
                                                                                              X-Powered-By: Express
                                                                                              etag: W/"2f0-wre2BLbEZ78FbFeRnXKITrqx6Ug"
                                                                                              Apigw-Requestid: c2B07g2jIAMESRg=
                                                                                              {"trackingId":"UA-179279808-1","trackingVersion":1,"installId":"50014048-F3CB-4E84-BB4D121EE644E142","appName":"Clear","appVersion":"1.0.5.6","bldRev":"9e514c9819faa0b89d5ff57357a59e6d75520d4e","brand":"easyprint_ClearBar","version":"1.0.5.6","sig":"Cliff","UIVariant":"HtmlPage","type":"event","category":"installer","action":"pageview","value":0,"page":"welcome","from":null,"duration":0,"useragent":{"browser":"unknown","version":"unknown","os":"unknown","platform":"unknown"},"geo":{"countryCode":"CH","countryCode2":"CHE","countryCode3":"CH","countryName":"Switzerland","stateCode":"ZH","state":"Zurich","city":"Zurich","postalCode":{"code":"8070"},"latitude":"47.3682","longitude":"8.5671","areaCode":"","dmaCode":null},"timestamp":1670531512988}


                                                                                              Statistics

                                                                                              CPU Usage

                                                                                              Click to jump to process

                                                                                              Memory Usage

                                                                                              Click to jump to process

                                                                                              High Level Behavior Distribution

                                                                                              • File
                                                                                              • Registry
                                                                                              • Network

                                                                                              Click to dive into process behavior distribution

                                                                                              Behavior

                                                                                              Click to jump to process

                                                                                              System Behavior

                                                                                              General

                                                                                              Target ID:0
                                                                                              Start time:21:31:34
                                                                                              Start date:08/12/2022
                                                                                              Path:C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe
                                                                                              Imagebase:0x400000
                                                                                              File size:91354864 bytes
                                                                                              MD5 hash:0F14001E7B7C9A24C46296E25074B39A
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:Borland Delphi
                                                                                              Reputation:low
                                                                                              Show Windows behavior

                                                                                              File Activities

                                                                                              Show Windows behavior

                                                                                              Section Activities

                                                                                              Show Windows behavior

                                                                                              Registry Activities

                                                                                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                              Show Windows behavior

                                                                                              Process Activities

                                                                                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                              Show Windows behavior

                                                                                              Memory Activities

                                                                                              Show Windows behavior

                                                                                              System Activities

                                                                                              Show Windows behavior

                                                                                              Windows UI Activities

                                                                                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                              General

                                                                                              Target ID:1
                                                                                              Start time:21:31:35
                                                                                              Start date:08/12/2022
                                                                                              Path:C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\is-K4DPJ.tmp\Clear-EasyPrint.b7002.ntclear.SK001.ch.tmp" /SL5="$702A4,90456719,806400,C:\Users\user\Desktop\Clear-EasyPrint.b7002.ntclear.SK001.ch.exe"
                                                                                              Imagebase:0x400000
                                                                                              File size:3150168 bytes
                                                                                              MD5 hash:032A47886B37474C68E22C9C9FD2D1C3
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:Borland Delphi
                                                                                              Antivirus matches:
                                                                                              • Detection: 2%, ReversingLabs
                                                                                              Reputation:low
                                                                                              Show Windows behavior

                                                                                              File Activities

                                                                                              Show Windows behavior

                                                                                              Section Activities

                                                                                              Show Windows behavior

                                                                                              Registry Activities

                                                                                              Show Windows behavior

                                                                                              Mutex Activities

                                                                                              Show Windows behavior

                                                                                              Process Activities

                                                                                              Show Windows behavior

                                                                                              Thread Activities

                                                                                              Show Windows behavior

                                                                                              Memory Activities

                                                                                              Show Windows behavior

                                                                                              System Activities

                                                                                              Show Windows behavior

                                                                                              Timing Activities

                                                                                              Show Windows behavior

                                                                                              Windows UI Activities

                                                                                              Show Windows behavior

                                                                                              Network Activities

                                                                                              Process Token Activities

                                                                                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                              Disassembly

                                                                                              Execution Graph

                                                                                              Execution Coverage

                                                                                              Dynamic/Packed Code Coverage

                                                                                              Signature Coverage

                                                                                              Execution Coverage:10.3%
                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                              Signature Coverage:0%
                                                                                              Total number of Nodes:78
                                                                                              Total number of Limit Nodes:7
                                                                                              Show Legend
                                                                                              Hide Nodes/Edges
                                                                                              execution_graph 7009 35fd838 7010 35fd866 7009->7010 7011 35fd932 KiUserCallbackDispatcher 7010->7011 7012 35fd937 7010->7012 7011->7012 7015 35fcb28 GetCurrentProcess 7016 35fcb9b 7015->7016 7017 35fcba2 GetCurrentThread 7015->7017 7016->7017 7018 35fcbdf GetCurrentProcess 7017->7018 7019 35fcbd8 7017->7019 7021 35fcc15 7018->7021 7019->7018 7020 35fcc3d GetCurrentThreadId 7022 35fcc6e 7020->7022 7021->7020 7013 35fcd50 DuplicateHandle 7014 35fcde6 7013->7014 7023 35f5040 7024 35f504a 7023->7024 7028 35f5180 7023->7028 7032 35f4bdc 7024->7032 7026 35f5065 7029 35f51a5 7028->7029 7036 35f5280 7029->7036 7033 35f4be7 7032->7033 7044 35f64ac 7033->7044 7035 35f7e2d 7035->7026 7037 35f52a7 7036->7037 7038 35f5384 7037->7038 7040 35f4c1c 7037->7040 7041 35f6710 CreateActCtxA 7040->7041 7043 35f67d3 7041->7043 7043->7043 7045 35f64b7 7044->7045 7048 35f64dc 7045->7048 7047 35f7edd 7047->7035 7049 35f64e7 7048->7049 7052 35f650c 7049->7052 7051 35f7fba 7051->7047 7053 35f6517 7052->7053 7056 35f653c 7053->7056 7055 35f80aa 7055->7051 7057 35f6547 7056->7057 7059 35f87be 7057->7059 7063 35fa9a0 7057->7063 7066 35faad0 7057->7066 7058 35f87fc 7058->7055 7059->7058 7071 35fc853 7059->7071 7076 35fa9d8 7063->7076 7068 35faae3 7066->7068 7067 35faafb 7067->7059 7068->7067 7069 35facf8 GetModuleHandleW 7068->7069 7070 35fad25 7069->7070 7070->7059 7072 35fc7fd 7071->7072 7073 35fc85a 7071->7073 7072->7058 7074 35fc8a5 7073->7074 7079 35fca10 7073->7079 7074->7058 7078 35faad0 GetModuleHandleW 7076->7078 7077 35fa9b6 7077->7059 7078->7077 7081 35fca1d 7079->7081 7082 35fca57 7081->7082 7083 35fbea4 7081->7083 7082->7074 7084 35fbeaf 7083->7084 7085 35fd348 7084->7085 7087 35fbf8c 7084->7087 7088 35fbf97 7087->7088 7089 35f653c GetModuleHandleW 7088->7089 7090 35fd3b7 7089->7090 7095 35fbf9c 7090->7095 7092 35fd3df 7100 35ff10b 7092->7100 7093 35fd3f0 7093->7085 7098 35fbfa7 7095->7098 7096 35fd67c GetModuleHandleW 7097 35fe934 7096->7097 7097->7092 7098->7096 7099 35fe939 7098->7099 7099->7092 7101 35ff0ec 7100->7101 7102 35ff116 7100->7102 7101->7093 7103 35ff155 7102->7103 7104 35ff598 GetModuleHandleW 7102->7104 7105 35fa9a0 GetModuleHandleW 7102->7105 7106 35faad0 GetModuleHandleW 7102->7106 7103->7093 7104->7103 7105->7103 7106->7103

                                                                                              Executed Functions

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 362 35fd69c-35fec52 366 35fec58-35fec7d call 35fd72c 362->366 367 35fef03-35fef0a 362->367 371 35fec7f-35fec83 366->371 372 35fec89-35fec8b 366->372 371->372 373 35fee45-35fee47 371->373 374 35fec8d-35fec97 372->374 375 35fec99 372->375 377 35fee49-35fee51 373->377 378 35fee53 373->378 376 35fec9e-35feca3 374->376 375->376 379 35feca5-35fecb3 376->379 380 35fece2-35fece4 376->380 381 35fee55-35fee57 377->381 378->381 379->380 389 35fecb5-35fecbe call 35fd738 379->389 383 35fece6-35fecea 380->383 384 35fecf3-35fecfa 380->384 381->367 382 35fee5d-35feee9 call 35fd774 call 35fd748 381->382 382->367 417 35feeeb-35feefe call 35fd754 call 35fd790 382->417 383->384 384->367 386 35fed00-35fed02 384->386 387 35fed77-35fedcb call 35fd774 386->387 388 35fed04-35fed4e call 35fd748 386->388 403 35fedcd-35fedd4 call 35fd780 387->403 404 35fedd9-35fee19 call 35fd748 387->404 411 35fed68-35fed76 call 35fd4c4 388->411 412 35fed50-35fed63 call 35fd754 call 35fd764 388->412 389->380 399 35fecc0-35fecd9 389->399 399->380 403->404 424 35fee21-35fee23 404->424 412->411 417->367 426 35fee3d-35fee44 424->426 427 35fee25-35fee38 call 35fd754 call 35fd790 424->427 427->426
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528591241.00000000035F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_35f0000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 49e22a0bcf86c51e7a223cd765891e0b0a2ece8e24e60db87ce6830c07e5969a
                                                                                              • Instruction ID: 219b1a6984453058042ce77bf8e52fde85553683ad6934ca6cf8f3c3af1e114b
                                                                                              • Opcode Fuzzy Hash: 49e22a0bcf86c51e7a223cd765891e0b0a2ece8e24e60db87ce6830c07e5969a
                                                                                              • Instruction Fuzzy Hash: 0BA15C36E1061ACFCF05DFA5D84459EBBF6FF85304B15856AEA05AF234EB31A909CB40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32 ref: 035FCB88
                                                                                              • GetCurrentThread.KERNEL32 ref: 035FCBC5
                                                                                              • GetCurrentProcess.KERNEL32 ref: 035FCC02
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 035FCC5B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528591241.00000000035F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_35f0000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID: Current$ProcessThread
                                                                                              • String ID:
                                                                                              • API String ID: 2063062207-0
                                                                                              • Opcode ID: 693bfb72b8c8e5482b91c3abffe0f091c67639c0c4f2f8447fb8c99443425f15
                                                                                              • Instruction ID: 593fdd2e711099e7b08cbedc598e69f364dbc22ba2e5d744547b76dc4ade51f7
                                                                                              • Opcode Fuzzy Hash: 693bfb72b8c8e5482b91c3abffe0f091c67639c0c4f2f8447fb8c99443425f15
                                                                                              • Instruction Fuzzy Hash: 9D6175B4A00209CFCB00CFA9E548BDEBBF1FF89304F248469E509A77A0C7346949CB61
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32 ref: 035FCB88
                                                                                              • GetCurrentThread.KERNEL32 ref: 035FCBC5
                                                                                              • GetCurrentProcess.KERNEL32 ref: 035FCC02
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 035FCC5B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528591241.00000000035F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_35f0000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID: Current$ProcessThread
                                                                                              • String ID:
                                                                                              • API String ID: 2063062207-0
                                                                                              • Opcode ID: 48167a471689246ec85a58dff0dd1d316a583c80b254cf918b1d1a066e9f66f1
                                                                                              • Instruction ID: f00da6ceed335ff0633ab9933784fdd1be865e3c7ea34a8f3e368adb7299edef
                                                                                              • Opcode Fuzzy Hash: 48167a471689246ec85a58dff0dd1d316a583c80b254cf918b1d1a066e9f66f1
                                                                                              • Instruction Fuzzy Hash: AB5154B4A002098FDB50CFA9D588BDEBBF1BF89314F248469E519A7760C7346848CF65
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 035FAD16
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528591241.00000000035F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_35f0000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID: HandleModule
                                                                                              • String ID:
                                                                                              • API String ID: 4139908857-0
                                                                                              • Opcode ID: f4ebe2b23d9aa0ee85f1c4d4e19312052bec0ac24469cd7fd35d8d6aaa8ee810
                                                                                              • Instruction ID: 30a5a639a7a8520b5f6f6b8ff36539f0181ad1c9cb369f46f1395260fcd1a40f
                                                                                              • Opcode Fuzzy Hash: f4ebe2b23d9aa0ee85f1c4d4e19312052bec0ac24469cd7fd35d8d6aaa8ee810
                                                                                              • Instruction Fuzzy Hash: 9E714774A10B058FDB24DF29E44475AB7F2BF88204F14892ED58ADBB60DB34E845CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 100 35f6704-35f678b 102 35f6793-35f67d1 CreateActCtxA 100->102 103 35f67da-35f6834 102->103 104 35f67d3-35f67d9 102->104 111 35f6836-35f6839 103->111 112 35f6843-35f6847 103->112 104->103 111->112 113 35f6849-35f6855 112->113 114 35f6858 112->114 113->114 115 35f6859 114->115 115->115
                                                                                              APIs
                                                                                              • CreateActCtxA.KERNEL32(?), ref: 035F67C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528591241.00000000035F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_35f0000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID: Create
                                                                                              • String ID:
                                                                                              • API String ID: 2289755597-0
                                                                                              • Opcode ID: e8750896d373d65327ce3e91dae9d3eda6d206edbfabb53c0c3a4ae30ac3d5f8
                                                                                              • Instruction ID: 7e52af0b5a0dedeffa06427dcd0acc25b4eb32a52d2f9ec398c5ac6668320bcb
                                                                                              • Opcode Fuzzy Hash: e8750896d373d65327ce3e91dae9d3eda6d206edbfabb53c0c3a4ae30ac3d5f8
                                                                                              • Instruction Fuzzy Hash: 0541E1B1C00219CFDB24DFA9C884BCEBBF5BF49308F24846AD558AB251DB75594ACF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 117 35f4c1c-35f67d1 CreateActCtxA 120 35f67da-35f6834 117->120 121 35f67d3-35f67d9 117->121 128 35f6836-35f6839 120->128 129 35f6843-35f6847 120->129 121->120 128->129 130 35f6849-35f6855 129->130 131 35f6858 129->131 130->131 132 35f6859 131->132 132->132
                                                                                              APIs
                                                                                              • CreateActCtxA.KERNEL32(?), ref: 035F67C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528591241.00000000035F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_35f0000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID: Create
                                                                                              • String ID:
                                                                                              • API String ID: 2289755597-0
                                                                                              • Opcode ID: 05c8c550b9432fee2c854c0c3ce1e9b4c81f1295748eaef377d7048a4e7eb2da
                                                                                              • Instruction ID: 72817db2c0d052373406bfa3c68e13895984787e3ba98fda46eeba8b0fae9818
                                                                                              • Opcode Fuzzy Hash: 05c8c550b9432fee2c854c0c3ce1e9b4c81f1295748eaef377d7048a4e7eb2da
                                                                                              • Instruction Fuzzy Hash: 7141E2B0C0021DCFDB24DFA9C884B8EBBF5BF48308F20805AD519AB251DB75694ACF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 134 35fcd50-35fcde4 DuplicateHandle 135 35fcded-35fce0a 134->135 136 35fcde6-35fcdec 134->136 136->135
                                                                                              APIs
                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 035FCDD7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528591241.00000000035F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_35f0000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID: DuplicateHandle
                                                                                              • String ID:
                                                                                              • API String ID: 3793708945-0
                                                                                              • Opcode ID: 58f710e66791c78d3d53c6887b5a59aae931b921d9de8a20cdf41e431203f415
                                                                                              • Instruction ID: 463338ee5e943860d737fa44269c23c2a66770dfef421f0a197511cd400268af
                                                                                              • Opcode Fuzzy Hash: 58f710e66791c78d3d53c6887b5a59aae931b921d9de8a20cdf41e431203f415
                                                                                              • Instruction Fuzzy Hash: 0721B0B59002489FDB10CFAAD884ADEBBF8FB49324F14841AE914A3710D778A954CFA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 139 35facb0-35facf0 140 35facf8-35fad23 GetModuleHandleW 139->140 141 35facf2-35facf5 139->141 142 35fad2c-35fad40 140->142 143 35fad25-35fad2b 140->143 141->140 143->142
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 035FAD16
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528591241.00000000035F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_35f0000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID: HandleModule
                                                                                              • String ID:
                                                                                              • API String ID: 4139908857-0
                                                                                              • Opcode ID: a94c81f452219ed857337552d1d625dd543a933f67d075552957fcd569154d86
                                                                                              • Instruction ID: cc7d57462a6cf1bc39a0ab6c044b7e7dd5b4a9a94907c90f1b912401fa81a9dc
                                                                                              • Opcode Fuzzy Hash: a94c81f452219ed857337552d1d625dd543a933f67d075552957fcd569154d86
                                                                                              • Instruction Fuzzy Hash: 0B110FB6D002498FCB10CF9AD444BDEFBF4AF89224F14841AD829A7610C378A545CFA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528192986.000000000358D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0358D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_358d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7dadb324efa87b086abb03a1f929c15d059e2377c451ec3a73edb2c47d2affa6
                                                                                              • Instruction ID: 73c24e3ad24835cbf6c7cc536682582939e29d4f4faf600015e8e649588ec1bb
                                                                                              • Opcode Fuzzy Hash: 7dadb324efa87b086abb03a1f929c15d059e2377c451ec3a73edb2c47d2affa6
                                                                                              • Instruction Fuzzy Hash: 2721F871504240DFDB05DF14E9C0B17BBF5FB88328F2485AAE9055B2A6C336D856CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dceee4af2e06854e9edd118ff78b6af3d932b5184ac8d9a170430f2e6f69ab4b
                                                                                              • Instruction ID: a4ce93e8626d74aeab0f8b20ce3decff01c8adec0f954a72c915d136a5ecc5a0
                                                                                              • Opcode Fuzzy Hash: dceee4af2e06854e9edd118ff78b6af3d932b5184ac8d9a170430f2e6f69ab4b
                                                                                              • Instruction Fuzzy Hash: 2F21C275504240EFEF04DF10E9C0B26BBB5FB84214F24C9AEE8494F666C736D846CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 23f74e44d748ebaebedba5d1ff2a51aa00c22148bc6423b42992eb0575831acf
                                                                                              • Instruction ID: 45ab622421defcf1e352753aeb3584d67e12e6e8d72fc7dbb7fe5a85353af9fd
                                                                                              • Opcode Fuzzy Hash: 23f74e44d748ebaebedba5d1ff2a51aa00c22148bc6423b42992eb0575831acf
                                                                                              • Instruction Fuzzy Hash: 2221C575504240DFEF04CF54E9C0B26BBB5FB84314F24C9AED9094B666C336D846CA61
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4a4b92afe644a298651f824c5165fa61eabf8bf347b874b6d64da9f9d86113ac
                                                                                              • Instruction ID: 9eea8f20bab56c28a60751460496e687034322dc33a7e52e5ec964ebe19342ee
                                                                                              • Opcode Fuzzy Hash: 4a4b92afe644a298651f824c5165fa61eabf8bf347b874b6d64da9f9d86113ac
                                                                                              • Instruction Fuzzy Hash: 4621C575504244DFEF04DF14E5C0B26BBB9FB84618F24CAAEE8494B656C336D846CA61
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7529b4f055f1eb974f3da9ac16a263d6c8f3752229f30940733248eef1ce423e
                                                                                              • Instruction ID: 967fa76128ed7219d6f921654fdcb5f1a13ea0314991ea2d86618de58f01a5d7
                                                                                              • Opcode Fuzzy Hash: 7529b4f055f1eb974f3da9ac16a263d6c8f3752229f30940733248eef1ce423e
                                                                                              • Instruction Fuzzy Hash: DA21D1B1504280DFEF10CB14E9C1B26FBA9FB84714F24896AD8094B355C336E846C7A2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 236e162e3c828ea087733f7483bb69db9e0ad17351375e480464e1fa7abbd16a
                                                                                              • Instruction ID: 88ebdb83948908404981cf0b13417e94ff64d2a4e5a989b4be7bf5acd4841f64
                                                                                              • Opcode Fuzzy Hash: 236e162e3c828ea087733f7483bb69db9e0ad17351375e480464e1fa7abbd16a
                                                                                              • Instruction Fuzzy Hash: A521C6B6504680DFEF04DF14E9C0B26BBF9FB84614F24896AD8094B655C33AD846D6A1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9053f3c16b1153fdeb30b1c62c596d58e2e33025ce5a7a936adec934a774cf81
                                                                                              • Instruction ID: 117a7cf70729ebd55e50de7aa432a239df8867a5a079bca813a2a6692bd9d535
                                                                                              • Opcode Fuzzy Hash: 9053f3c16b1153fdeb30b1c62c596d58e2e33025ce5a7a936adec934a774cf81
                                                                                              • Instruction Fuzzy Hash: 6521C6B5508344DFEF04DF18E9C0B16BBB9FB44314F24C9AAED094B666C33AD865C661
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 54586ab249d0e83adf637b628fbf14dbc19eae88228943623c3e6ef43e76ebec
                                                                                              • Instruction ID: c37a016efb3c5df48bf2dbc86545bf25fc2cdae0affc0f32a17b68a4a6ebca1c
                                                                                              • Opcode Fuzzy Hash: 54586ab249d0e83adf637b628fbf14dbc19eae88228943623c3e6ef43e76ebec
                                                                                              • Instruction Fuzzy Hash: E32105B5604344DFEF00CF14E5C0B2ABBF9FB84614F25C9AED8094B655C33AE806C6A1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 67ae4bb8866243d21aecb7bc917bb21012eab04a903ad56c00c582b774868cde
                                                                                              • Instruction ID: 263c1292956390088ed1fe25bed2eceb69aff08188e9bde80c28fa80bcc58c4c
                                                                                              • Opcode Fuzzy Hash: 67ae4bb8866243d21aecb7bc917bb21012eab04a903ad56c00c582b774868cde
                                                                                              • Instruction Fuzzy Hash: 1321D5B5504284DFEB04CF14E6C4B2AFBB9FB84714F24896AD9094B651C37AD846C6A2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 452fa2157f728d0679af6eede115bb9192768a02a185ff5269c6b1063cb7e164
                                                                                              • Instruction ID: f40e5049c528183ec6367ede9627cd6c23368723378a3ab7f0452c3d689dde95
                                                                                              • Opcode Fuzzy Hash: 452fa2157f728d0679af6eede115bb9192768a02a185ff5269c6b1063cb7e164
                                                                                              • Instruction Fuzzy Hash: CE1126B05043449FEF10DF24E9C4B26BBF8FB44214F258AAED4094B251E33AD447C662
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cc9630ad23bd2feaa9ad77aa72c2a9903ecfb462f6b6c3434f109d64bb31ae9d
                                                                                              • Instruction ID: 2e463216d5a912cad8a8c2343e72fedc84a3c3234501126576c71cddab23d14f
                                                                                              • Opcode Fuzzy Hash: cc9630ad23bd2feaa9ad77aa72c2a9903ecfb462f6b6c3434f109d64bb31ae9d
                                                                                              • Instruction Fuzzy Hash: BB1108B15047849FEF14EF14E9C4B26BBF8F784618F248AAFD40D4B651C73AD445C6A1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528192986.000000000358D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0358D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_358d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 13237dc7ef11b713164552c55a6a98716d322990b301c0d0127ba81f65d1ed2f
                                                                                              • Instruction ID: 54e8f1add3514df44355755fc4f3f9fda6ccec8a2f6a1608d50d9e42597a3a5d
                                                                                              • Opcode Fuzzy Hash: 13237dc7ef11b713164552c55a6a98716d322990b301c0d0127ba81f65d1ed2f
                                                                                              • Instruction Fuzzy Hash: DA11D376504280DFDF11DF10E5C4B16BFB1FB84324F28C6AAD8091B666C33AD456CBA2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528155855.0000000003583000.00000040.00000800.00020000.00000000.sdmp, Offset: 03583000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_3583000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f54f2eef11c66c07ee6bd6031d59bfd954258526ad88b82d9b80ccaa6ded4613
                                                                                              • Instruction ID: ec8d86e37998f64537cabadc8da6a7434072b88282f2fc88b7e9af2c80c2680e
                                                                                              • Opcode Fuzzy Hash: f54f2eef11c66c07ee6bd6031d59bfd954258526ad88b82d9b80ccaa6ded4613
                                                                                              • Instruction Fuzzy Hash: AE119D751497C0DFE712CB55D890B52BFB8EB42A10F19849BD9849B663C36CA844CB72
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528155855.0000000003583000.00000040.00000800.00020000.00000000.sdmp, Offset: 03583000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_3583000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f6b8e8f9cee0d5bddfdc42d54ab88e0f373f25c74ccfcfbc86ad9d5410e87964
                                                                                              • Instruction ID: 3b8f0940a556768508ad4b8471194f09879e135086741baf11438c7965aaf1f2
                                                                                              • Opcode Fuzzy Hash: f6b8e8f9cee0d5bddfdc42d54ab88e0f373f25c74ccfcfbc86ad9d5410e87964
                                                                                              • Instruction Fuzzy Hash: 30110279504784DFE720DF45D884B62FBA8FB44B24F18C85EE9496B612C37DA844CBB1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ec47ebab97de865d0513ee2b42576932c38c73b435be5f8a8d59824306b2aad3
                                                                                              • Instruction ID: 7f9e9c18dd87225dac1228c5db56a230f6251fd85fadf82848e3ef8133ffc35e
                                                                                              • Opcode Fuzzy Hash: ec47ebab97de865d0513ee2b42576932c38c73b435be5f8a8d59824306b2aad3
                                                                                              • Instruction Fuzzy Hash: 11119D75504280DFDF01DF14D5C4B15FBB5FB85314F28C6AAD8494B666C33AD84ACBA2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 95b996dd5b0fc2e12712c52acd6e5fb61c855701a00c29de22ff293de4169973
                                                                                              • Instruction ID: 4aae2ca611c00eaa343568eeca7bf93a7492d5ca85ec51652fcb27ca787fcb7d
                                                                                              • Opcode Fuzzy Hash: 95b996dd5b0fc2e12712c52acd6e5fb61c855701a00c29de22ff293de4169973
                                                                                              • Instruction Fuzzy Hash: 5F1194715093C08FEB12DF24D594715BFB0FB46214F2986EBC4858B6A3D33E944AC762
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ec47ebab97de865d0513ee2b42576932c38c73b435be5f8a8d59824306b2aad3
                                                                                              • Instruction ID: 13d6741f59807f19f1f5e93f0670b8d6ba5535359c4933f6db873051d5f18d96
                                                                                              • Opcode Fuzzy Hash: ec47ebab97de865d0513ee2b42576932c38c73b435be5f8a8d59824306b2aad3
                                                                                              • Instruction Fuzzy Hash: 76118B79504280DFDF01CF10E9C4B15FBB1FB85214F28C6AAD8494B666C33AD44ACBA2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ec47ebab97de865d0513ee2b42576932c38c73b435be5f8a8d59824306b2aad3
                                                                                              • Instruction ID: 02f54ed33ce383bb7b90664d94db01a5329e06c7e7c860b4dc78c6bce3e9d396
                                                                                              • Opcode Fuzzy Hash: ec47ebab97de865d0513ee2b42576932c38c73b435be5f8a8d59824306b2aad3
                                                                                              • Instruction Fuzzy Hash: D0118B75904280DFDB01CF10E5D4B15FBB1FB84224F28C6EAD8494B667C33AD44ACBA2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f965847e7e9349d8fe3dbf7538f53737f0b40dc5abf6d3b71e222342754f7aeb
                                                                                              • Instruction ID: bae80d4513dc03cc6d389c954a728b5dfe7731acf4beb4a52050d6ce1eaad54c
                                                                                              • Opcode Fuzzy Hash: f965847e7e9349d8fe3dbf7538f53737f0b40dc5abf6d3b71e222342754f7aeb
                                                                                              • Instruction Fuzzy Hash: 33110676504680CFEB01CF14E6C0B16FBB1FB85314F28C6AAC8484B656C33AD44ACB92
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f965847e7e9349d8fe3dbf7538f53737f0b40dc5abf6d3b71e222342754f7aeb
                                                                                              • Instruction ID: 7888f85a9858f896e7908880d310b5acbecf699fb232c40131b387a3427f1014
                                                                                              • Opcode Fuzzy Hash: f965847e7e9349d8fe3dbf7538f53737f0b40dc5abf6d3b71e222342754f7aeb
                                                                                              • Instruction Fuzzy Hash: 5D11E375504280CFDB11CF14E9C0B16FB61FB85714F28C6AAC8484B756C339D84ACB92
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 34f064de0f95c17fcd1bc83c721e9f8e159ab8395acc9a6cc2f1b82eb60e3efe
                                                                                              • Instruction ID: 485dadc53e56f7ce0b34a2898b5993591c5bcd51b22a5dc3663fc575c0207eee
                                                                                              • Opcode Fuzzy Hash: 34f064de0f95c17fcd1bc83c721e9f8e159ab8395acc9a6cc2f1b82eb60e3efe
                                                                                              • Instruction Fuzzy Hash: E711BF75508284DFDF01CF14D9C4B15BBB1FB44214F28C6AADC094A666C33AD45ACB62
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f965847e7e9349d8fe3dbf7538f53737f0b40dc5abf6d3b71e222342754f7aeb
                                                                                              • Instruction ID: 2ccaaeb0c9635ae698e34627117b32dc168db79443a403c8713a078b9e88bcfb
                                                                                              • Opcode Fuzzy Hash: f965847e7e9349d8fe3dbf7538f53737f0b40dc5abf6d3b71e222342754f7aeb
                                                                                              • Instruction Fuzzy Hash: 0311E375504380CFDB01CF14E6C0B16FBB1FB85314F29C6AAC8494BA56C339D40ACB92
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 456764d8c0f0383775d273d7a517d99a3066b746d3153d2092d53502a66a7216
                                                                                              • Instruction ID: 7fc2556243c9763e1d596aa34bfe9659f422687569847fd5340374109a91a2e3
                                                                                              • Opcode Fuzzy Hash: 456764d8c0f0383775d273d7a517d99a3066b746d3153d2092d53502a66a7216
                                                                                              • Instruction Fuzzy Hash: B411C675504284CFDB11CF14E6C4B19FBB5FB85614F28C6AAD84847652C37AD44ACB92
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528251600.000000000359D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0359D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_359d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ce8cbb002802b68fd3a6d919fc45185818caad726c5e4bbc457839f0ecc0b4d8
                                                                                              • Instruction ID: f2edfc34dd7e3db2a567eaabd477b0bde8485058c04f779bd0ce5c35bc70c33c
                                                                                              • Opcode Fuzzy Hash: ce8cbb002802b68fd3a6d919fc45185818caad726c5e4bbc457839f0ecc0b4d8
                                                                                              • Instruction Fuzzy Hash: 3001D6B55047848FEF11DF14E5C4B25BFB4FB80314F2886AAD8494B652D33AD446CBA2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528192986.000000000358D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0358D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_358d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1be34c6c83029fc58e8de6e91c95c68e7dc62d4583fd713e1ff76265783e3cc2
                                                                                              • Instruction ID: 555978d5fb4a89e931b12e4e6b51f850b6966c28bc2e5f4af3da2f50f092b28e
                                                                                              • Opcode Fuzzy Hash: 1be34c6c83029fc58e8de6e91c95c68e7dc62d4583fd713e1ff76265783e3cc2
                                                                                              • Instruction Fuzzy Hash: 9301A7315087449AEB10DB15EC84B67FBE8FF41624F18C459ED046B6A6C7799844CAB1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.528192986.000000000358D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0358D000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_358d000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f1b2b2243c8e6f73bd70bd607c5223b6e643bf4f85e1e71d917ccfb0d0a41ca0
                                                                                              • Instruction ID: 9802e58ddb6fe7ba293cf5f9f9ce76257fa962e4484503eb3fcd822c208c9946
                                                                                              • Opcode Fuzzy Hash: f1b2b2243c8e6f73bd70bd607c5223b6e643bf4f85e1e71d917ccfb0d0a41ca0
                                                                                              • Instruction Fuzzy Hash: 88F062714043849BEB109B15DCC4B63FBE8EB41624F18C45AED085B696C3799C44CAB1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.533588594.0000000006422000.00000020.00000001.01000000.00000007.sdmp, Offset: 06420000, based on PE: true
                                                                                              • Associated: 00000001.00000002.533574867.0000000006420000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.533775338.0000000006452000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.533805150.0000000006454000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6420000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0f0563ce3975b0cb1d7ea9df2d9fb30391c41e3eac2065ed317b749f24115cc2
                                                                                              • Instruction ID: e509ee52469e5e254343444efe39025e17212729189fcb9778928b95795f6102
                                                                                              • Opcode Fuzzy Hash: 0f0563ce3975b0cb1d7ea9df2d9fb30391c41e3eac2065ed317b749f24115cc2
                                                                                              • Instruction Fuzzy Hash: EF225CE3C492915BD3168A24CC8338A7BA2A93E3707DF4D9990F1F5752FA24C1159A3F
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.533588594.0000000006422000.00000020.00000001.01000000.00000007.sdmp, Offset: 06420000, based on PE: true
                                                                                              • Associated: 00000001.00000002.533574867.0000000006420000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.533775338.0000000006452000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.533805150.0000000006454000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6420000_Clear-EasyPrint.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d647467fd4dbddadb9994051500bed87af30ae79c185fdc59ccebd97a34f01dd
                                                                                              • Instruction ID: 35df9277f587732e65d67c9c52ea181a847e3eaba20aa575816162fbb4a71ad0
                                                                                              • Opcode Fuzzy Hash: d647467fd4dbddadb9994051500bed87af30ae79c185fdc59ccebd97a34f01dd
                                                                                              • Instruction Fuzzy Hash: 7121801008F3D29BC7138B78C8A9983FF91AE4322475A85DED4D08F457D1A9125ADF53
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%