Windows Analysis Report
setup-lightshot 1.exe

Overview

General Information

Sample name:setup-lightshot 1.exe
Analysis ID:1520341
MD5:a1f6923e771b4ff0df9fec9555f97c65
SHA1:545359cd68d0ee37f4b15e1a22c2c9a5fda69e22
SHA256:928c2808421dfd487ffa697379548cbe682c0e13aeb595eb89973ba9c515b8a1
Infos:

Detection

Score:10
Range:0 - 100
Whitelisted:false
Confidence:0%

Signatures

Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • setup-lightshot 1.exe (PID: 7000 cmdline: "C:\Users\user\Desktop\setup-lightshot 1.exe" MD5: A1F6923E771B4FF0DF9FEC9555F97C65)
    • setup-lightshot 1.tmp (PID: 7044 cmdline: "C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp" /SL5="$10412,2148280,486912,C:\Users\user\Desktop\setup-lightshot 1.exe" MD5: C6BFFD4DA620B07CB214F1BD8E7F21D2)
      • taskkill.exe (PID: 2696 cmdline: "C:\Windows\System32\taskkill.exe" /f /im lightshot.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 5628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1312 cmdline: "taskkill.exe" /F /IM lightshot.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 1456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Lightshot.exe (PID: 4460 cmdline: "C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe" MD5: 62EB961457DF016FA3949E9601A1A845)
        • Lightshot.exe (PID: 3852 cmdline: "C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe" MD5: 1E1C83B9680029AD4A9F8D3B3AC93197)
      • setupupdater.exe (PID: 1804 cmdline: "C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent MD5: 843D23F6AAB075A3C032B06D30CE9C5D)
        • setupupdater.tmp (PID: 4900 cmdline: "C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp" /SL5="$80080,490430,120832,C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent MD5: 3613E29D2A7B90C1012EC676819CC1CD)
          • net.exe (PID: 7136 cmdline: "C:\Windows\system32\net.exe" START SCHEDULE MD5: 31890A7DE89936F922D44D677F681A7F)
            • conhost.exe (PID: 4408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • net1.exe (PID: 6224 cmdline: C:\Windows\system32\net1 START SCHEDULE MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
          • Updater.exe (PID: 1608 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=addsystask MD5: FBE0664E1C333E36E3CE73D8BD5CC8A1)
          • Updater.exe (PID: 2208 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml" MD5: 3EC8F4BD54EF439A8FAB6467122DA0C4)
            • Updater.exe (PID: 4432 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml" MD5: FBE0664E1C333E36E3CE73D8BD5CC8A1)
          • Updater.exe (PID: 736 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true" MD5: 3EC8F4BD54EF439A8FAB6467122DA0C4)
            • Updater.exe (PID: 792 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true" MD5: FBE0664E1C333E36E3CE73D8BD5CC8A1)
      • Updater.exe (PID: 4476 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addtask MD5: 3EC8F4BD54EF439A8FAB6467122DA0C4)
        • Updater.exe (PID: 7136 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addtask MD5: FBE0664E1C333E36E3CE73D8BD5CC8A1)
      • Updater.exe (PID: 4408 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml" MD5: 3EC8F4BD54EF439A8FAB6467122DA0C4)
        • Updater.exe (PID: 5232 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml" MD5: FBE0664E1C333E36E3CE73D8BD5CC8A1)
      • chrome.exe (PID: 5544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://app.prntscr.com/thankyou_desktop.html#install_source=default MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 1860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1888,i,7167525600281717774,4743937817464806075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • Updater.exe (PID: 2076 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=checkupdate MD5: 3EC8F4BD54EF439A8FAB6467122DA0C4)
    • Updater.exe (PID: 4324 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=checkupdate MD5: FBE0664E1C333E36E3CE73D8BD5CC8A1)
  • Updater.exe (PID: 1312 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=checkupdate MD5: 3EC8F4BD54EF439A8FAB6467122DA0C4)
    • Updater.exe (PID: 980 cmdline: "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=checkupdate MD5: FBE0664E1C333E36E3CE73D8BD5CC8A1)
  • Lightshot.exe (PID: 4628 cmdline: "C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe" MD5: 62EB961457DF016FA3949E9601A1A845)
    • Lightshot.exe (PID: 1244 cmdline: "C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe" MD5: 1E1C83B9680029AD4A9F8D3B3AC93197)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp, ProcessId: 7044, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Lightshot
Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "C:\Windows\system32\net.exe" START SCHEDULE, CommandLine: "C:\Windows\system32\net.exe" START SCHEDULE, CommandLine|base64offset|contains: I0, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp" /SL5="$80080,490430,120832,C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent, ParentImage: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp, ParentProcessId: 4900, ParentProcessName: setupupdater.tmp, ProcessCommandLine: "C:\Windows\system32\net.exe" START SCHEDULE, ProcessId: 7136, ProcessName: net.exe
Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: "C:\Windows\system32\net.exe" START SCHEDULE, CommandLine: "C:\Windows\system32\net.exe" START SCHEDULE, CommandLine|base64offset|contains: I0, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp" /SL5="$80080,490430,120832,C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent, ParentImage: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp, ParentProcessId: 4900, ParentProcessName: setupupdater.tmp, ProcessCommandLine: "C:\Windows\system32\net.exe" START SCHEDULE, ProcessId: 7136, ProcessName: net.exe
No Suricata rule has matched

There are no malicious signatures.

Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00F8B820 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,8_2_00F8B820
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00FB96F0 CryptDestroyHash,8_2_00FB96F0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00F8E6C0 CryptDecrypt,8_2_00F8E6C0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00F8E640 CryptEncrypt,8_2_00F8E640
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00FB9710 CryptDestroyKey,8_2_00FB9710
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00F8EC90 CryptSetKeyParam,CryptSetKeyParam,CryptSetKeyParam,CryptDestroyKey,CryptReleaseContext,8_2_00F8EC90
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00F8ED80 CryptSetKeyParam,CryptSetKeyParam,CryptSetKeyParam,CryptDestroyKey,CryptReleaseContext,8_2_00F8ED80
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00F8EFD0 CryptAcquireContextW,CryptImportKey,8_2_00F8EFD0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6CF26FD0 CryptEncrypt,8_2_6CF26FD0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6CF24F20 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,8_2_6CF24F20
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6CF279F0 CryptAcquireContextW,CryptImportKey,8_2_6CF279F0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6CF459D0 CryptDestroyKey,8_2_6CF459D0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6CF459B0 CryptDestroyHash,8_2_6CF459B0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6CF276B0 CryptSetKeyParam,CryptSetKeyParam,CryptSetKeyParam,CryptDestroyKey,CryptReleaseContext,8_2_6CF276B0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6CF277A0 CryptSetKeyParam,CryptSetKeyParam,CryptSetKeyParam,CryptDestroyKey,CryptReleaseContext,8_2_6CF277A0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6CF27050 CryptDecrypt,8_2_6CF27050
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 16_2_008FED80 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,16_2_008FED80
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 16_2_008FEE10 CryptAcquireContextW,CryptCreateHash,CreateFileW,ReadFile,ReadFile,CryptHashData,CryptHashData,ReadFile,CloseHandle,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,16_2_008FEE10
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_008FED80 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,20_2_008FED80
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_008FEE10 CryptAcquireContextW,CryptCreateHash,CreateFileW,ReadFile,ReadFile,CryptHashData,CryptHashData,ReadFile,CloseHandle,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,20_2_008FEE10
Source: setup-lightshot 1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Copyright 2009-2020 Skillbrains. All rights reserved.User is not allowed to upload anything that can be remotely construed as porn copyrighted material harassment or spam. The following types of files constitute "abuse" and may not be uploaded under any circumstances: 1. Pornography adult or mature content 2. Violent content 3. Content related to racial intolerance or advocacy against any individual group or organisation 4. Excessive profanity 5. Hacking/cracking content 6. Illicit drugs and drug paraphernalia content 7. Sales of beer or hard alcohol 8. Sales of tobacco or tobacco-related products 9. Sales of prescription drugs 10. Sales of weapons or ammunition (e.g. firearms firearm components fighting knives stun guns. 11. Sales of products that are replicas or imitations of designer or other goods 12. Sales or distribution of coursework or student essays 13. Content regarding programs which compensate users for clicking ads or offers performing searches surfing websites or reading emails 14. Any other content that is illegal promotes illegal activity or infringes on the legal rights of othersRedistribution in binary forms without modification are permitted provided that the following conditions are met: 1. Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 2. Redistributions should have linkback to app.prntscr.com website. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the Skillbrains. 
THIS SOFTWARE IS PROVIDED BY SKILLBRAINS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SKILLBRAINS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE DATA OR PROFITS; OR BUSINESS INTERRUPTION. HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE. ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.I &accept the agreementI &do not accept the agreement&Next >Cancel
Source: setup-lightshot 1.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 93.158.134.119:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknownHTTPS traffic detected: 93.158.134.119:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 93.158.134.119:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 93.158.134.119:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 93.158.134.119:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:56535 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:56540 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:56594 version: TLS 1.2
Source: setup-lightshot 1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Dev\skillbrains\lightshot-windows-app\Screenshot\StandAloneApp\Release\net.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, is-V4MCF.tmp.1.dr
Source: Binary string: D:\sources\lightshot\DeployingSystem\Starter\Starter\Release\Starter.pdb source: setupupdater.tmp, 0000000A.00000003.1966583875.0000000005DE0000.00000004.00001000.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1957009525.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000013.00000000.1956022104.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000015.00000000.1959277201.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000015.00000002.1964643190.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000017.00000002.1968683385.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000017.00000000.1966208614.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000019.00000000.1981206795.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000019.00000002.1982103928.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 0000001B.00000002.1985104572.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 0000001B.00000000.1983782111.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 0000001D.00000002.1995033659.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 0000001D.00000000.1991436692.000000000042E000.00000002.00000001.01000000.00000010.sdmp, is-A39OF.tmp.10.dr
Source: Binary string: D:\Dev\skillbrains\lightshot-windows-app\Screenshot\StandAloneApp\Release\Lightshot_exe.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, Lightshot.exe, 00000008.00000000.1900232423.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, Lightshot.exe, 00000020.00000002.2021598587.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, Lightshot.exe, 00000020.00000000.2019458088.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, is-NJRC2.tmp.1.dr
Source: Binary string: D:\Dev\skillbrains\lightshot-windows-app\Screenshot\StandAloneApp\Release\Lightshot.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp, is-A5GK1.tmp.1.dr
Source: Binary string: D:\Dev\skillbrains\lightshot-windows-app\Screenshot\StandAloneApp\Release\curl_uploader.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp, is-BMVNO.tmp.1.dr
Source: Binary string: C:\BuildAgent\work\a197c1fa8a223363\downloader\Release\downloader.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.0000000006680000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\sources\lightshot\DeployingSystem\Updater\bin\1.0.0.0\Updater.pdb source: setupupdater.tmp, 0000000A.00000003.1966583875.0000000005DE0000.00000004.00001000.00020000.00000000.sdmp, Updater.exe, 00000010.00000000.1942727683.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000010.00000002.1954397813.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000014.00000002.2018945693.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000014.00000000.1956742873.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000016.00000000.1960928619.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000016.00000002.2018369560.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000018.00000000.1968421177.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000018.00000002.2024612113.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001A.00000002.1983196279.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001A.00000000.1981811985.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001C.00000000.1984569546.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001C.00000002.2018286305.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001E.00000000.1994043299.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001E.00000002.2026488455.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, is-QU5BV.tmp.10.dr
Source: Binary string: D:\Dev\skillbrains\lightshot-windows-app\Screenshot\StandAloneApp\Release\DXGIODScreenshot.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp, is-1I1L2.tmp.1.dr
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeCode function: 7_2_00E52C10 FindFirstFileW,_DebugHeapAllocator,_DebugHeapAllocator,FindNextFileW,FindClose,7_2_00E52C10
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00F8E1A0 PathFileExistsW,PathIsDirectoryW,FindFirstFileW,FindNextFileW,FindClose,8_2_00F8E1A0
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 16_2_008FB120 PathAddBackslashW,_wcsnlen,PathAddBackslashW,_wcsnlen,FindFirstFileW,_memcpy_s,PathAddBackslashW,_wcsnlen,FindNextFileW,FindClose,16_2_008FB120
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 16_2_008FD200 FindFirstFileW,FindNextFileW,RemoveDirectoryW,FindNextFileW,RemoveDirectoryW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,16_2_008FD200
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 16_2_008FB7D0 PathAddBackslashW,_wcsnlen,PathAddBackslashW,_wcsnlen,FindFirstFileW,FindNextFileW,FindClose,_free,16_2_008FB7D0
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_003F1860 FindFirstFileW,FindNextFileW,FindClose,19_2_003F1860
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_00418E52 FindFirstFileExW,19_2_00418E52
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_00418E27 FindFirstFileExA,19_2_00418E27
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_008FD200 FindFirstFileW,FindNextFileW,RemoveDirectoryW,FindNextFileW,RemoveDirectoryW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,20_2_008FD200
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_008FB120 PathAddBackslashW,_wcsnlen,PathAddBackslashW,_wcsnlen,FindFirstFileW,_memcpy_s,PathAddBackslashW,_wcsnlen,FindNextFileW,FindClose,20_2_008FB120
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_008FB7D0 PathAddBackslashW,_wcsnlen,PathAddBackslashW,_wcsnlen,FindFirstFileW,FindNextFileW,FindClose,_free,20_2_008FB7D0
Source: global trafficTCP traffic: 192.168.2.4:56527 -> 1.1.1.1:53
Source: Joe Sandbox ViewIP Address: 104.16.80.73 104.16.80.73
Source: Joe Sandbox ViewIP Address: 93.158.134.119 93.158.134.119
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 152.199.19.74
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 16_2_008FE5F0 DeleteUrlCacheEntryW,URLDownloadToFileW,16_2_008FE5F0
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wRU+RlmW167yutC&MD=pYEwBk3e HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /watch/44161209?page-url=%2Fusr%2FUpdater%2FAddProduct%2Fupdater&ut=noindex HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /watch/44161209?page-url=%2Fsys%2FUpdater%2FTimeToUpdate&ut=noindex HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /watch/44161209?page-url=%2Fusr%2FUpdater%2FPing&ut=noindex HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /watch/44161209?page-url=%2Fusr%2FUpdater%2FAddProduct%2Flightshot&ut=noindex HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /watch/44161209?page-url=%2Fusr%2FUpdater%2FTimeToUpdate&ut=noindex HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FAddProduct%2Fupdater&ut=noindex&redirnss=1 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-AliveCookie: yabs-sid=318014041727418627; ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627; yandexuid=9373816541727418627; i=U4ukxXBwiLTuoJfI/Ft9HsbBqnTr8cF2TTd+ViPIZOySZPiEKX/S+Eu8ZUtCNUkb7wnnQZFQX0AujeitHvnqJFHVPA8=
Source: global trafficHTTP traffic detected: GET /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FPing&ut=noindex&redirnss=1 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-AliveCookie: yabs-sid=2276765981727418627; ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627; yandexuid=9373816541727418627; i=U4ukxXBwiLTuoJfI/Ft9HsbBqnTr8cF2TTd+ViPIZOySZPiEKX/S+Eu8ZUtCNUkb7wnnQZFQX0AujeitHvnqJFHVPA8=
Source: global trafficHTTP traffic detected: GET /watch/44161209/1?page-url=%2Fsys%2FUpdater%2FTimeToUpdate&ut=noindex&redirnss=1 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-AliveCookie: yabs-sid=834489591727418627; i=5WR7ieDRgvmtg6sGWbxFzyNRk1yD8wGmOVyh90lv7Z4CD1m8S3IzBq8HbFrgTrg2g5Hy+V/SiUGohZPA59SEadkMhYQ=; yandexuid=2733293781727418627; ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627
Source: global trafficHTTP traffic detected: GET /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FAddProduct%2Flightshot&ut=noindex&redirnss=1 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-AliveCookie: ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627; yandexuid=7454964041727418627; i=4IMBjOyhOXs04BWrOMy15PEo9eZrsWGKlLPpmZ15XKBnpOUrO1XdEqICaOIhJL+rYF1HSagKWKtOmoy63cdNztX+Sr8=; yabs-sid=1574500721727418627
Source: global trafficHTTP traffic detected: GET /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FTimeToUpdate&ut=noindex&redirnss=1 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mc.yandex.ruConnection: Keep-AliveCookie: ymex=1758954628.yrts.1727418628#1758954628.yrtsi.1727418628; yandexuid=2967564481727418628; i=MGnnKl86RPDr8ZkUnGfRyJbCm+51V/l5IlsZvoHhIHru8F5Xhtn3RmNGgPFh751pbsRVJnKOSGIB9tBawnRA52diEIU=; _yasc=c9TJMy9H31OgANP4T34MyV8ThXBxohSh+jOnoDYr3UI9/ldMjXtS3UNyAWqx7nRzviI=; yabs-sid=2442611291727418628
Source: global trafficHTTP traffic detected: GET /thankyou_desktop.html HTTP/1.1Host: app.prntscr.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /en/thankyou_desktop.html HTTP/1.1Host: app.prntscr.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/css/main.css HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://app.prntscr.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/js/jquery.1.8.2.min.js HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://app.prntscr.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/js/script.mix.js HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://app.prntscr.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/button-download.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://st.prntscr.com/2023/07/24/0635/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/icon-facebook_gscale.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://st.prntscr.com/2023/07/24/0635/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/js/script.mix.js HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/helper-button.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://st.prntscr.com/2023/07/24/0635/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1Host: static.cloudflareinsights.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://app.prntscr.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://app.prntscr.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/button-icon-sep.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://st.prntscr.com/2023/07/24/0635/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/shadow-top.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://st.prntscr.com/2023/07/24/0635/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/helper-select.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://st.prntscr.com/2023/07/24/0635/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/js/jquery.1.8.2.min.js HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/icon-twitter_gscale.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://st.prntscr.com/2023/07/24/0635/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/helper-share.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://st.prntscr.com/2023/07/24/0635/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/button-download.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/icon-facebook_gscale.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/img-pic-480.jpg HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.prntscr.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/footer-logo.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.prntscr.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/css/jquery.smartbanner.css HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://app.prntscr.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/shadow-top.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/helper-select.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/js/jquery.smartbanner.js HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://app.prntscr.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/button-icon-sep.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1Host: static.cloudflareinsights.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/helper-button.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/page-bg.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://st.prntscr.com/2023/07/24/0635/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/icon-twitter_gscale.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/header-logo.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://st.prntscr.com/2023/07/24/0635/css/main.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/helper-share.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.2.698250061.1727418640; _gid=GA1.2.2001955101.1727418640; _gat=1
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/footer-logo.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/js/jquery.smartbanner.js HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/img-pic-480.jpg HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/page-bg.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
Source: global trafficHTTP traffic detected: GET /manifest.json HTTP/1.1Host: app.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://app.prntscr.com/en/thankyou_desktop.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: app.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.prntscr.com/en/thankyou_desktop.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/header-logo.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/icon-lightshot-144.png HTTP/1.1Host: st.prntscr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.prntscr.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: app.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
Source: global trafficHTTP traffic detected: GET /v1/ HTTP/1.1Host: api.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
Source: global trafficHTTP traffic detected: GET /2023/07/24/0635/img/icon-lightshot-144.png HTTP/1.1Host: st.prntscr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wRU+RlmW167yutC&MD=pYEwBk3e HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /getver/updater?ping=true HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: updater.prntscr.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /getver/updater HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: updater.prntscr.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /getver/lightshot HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: updater.prntscr.comConnection: Keep-Alive
Source: Lightshot.exe
String found in binary or memory: https://www.facebook.com/sharer.php?u= equals www.facebook.com (Facebook)

Source: chromecache_187.34.dr, chromecache_173.34.dr, chromecache_203.34.dr, chromecache_200.34.dr
String found in binary or memory: return b}DC.H="internal.enableAutoEventOnTimer";var gc=ja(["data-gtm-yt-inspected-"]),FC=["www.youtube.com","www.youtube-nocookie.com"],GC,HC=!1; equals www.youtube.com (Youtube)
Source: global traffic
DNS traffic detected: DNS query: updater.prntscr.com

Source: global traffic
DNS traffic detected: DNS query: mc.yandex.ru

Source: global traffic
DNS traffic detected: DNS query: app.prntscr.com

Source: global traffic
DNS traffic detected: DNS query: st.prntscr.com

Source: global traffic
DNS traffic detected: DNS query: static.cloudflareinsights.com

Source: global traffic
DNS traffic detected: DNS query: www.google.com

Source: global traffic
DNS traffic detected: DNS query: api.prntscr.com
Source: unknown
HTTP traffic detected: POST /cdn-cgi/rum? HTTP/1.1
Host: app.prntscr.com
Connection: keep-alive
Content-Length: 1562
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
content-type: application/json
Accept: */*
Origin: https://app.prntscr.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://app.prntscr.com/en/thankyou_desktop.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640

Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 06:30:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8c9972525e047c84-EWR
Source: setup-lightshot 1.exe, is-1I1L2.tmp.1.dr, is-NJRC2.tmp.1.dr, is-Q717B.tmp.1.dr, is-5TND1.tmp.1.dr, is-A5GK1.tmp.1.dr, setup-lightshot 1.tmp.0.dr, is-BMVNO.tmp.1.dr, setupupdater.tmp.9.dr, is-A39OF.tmp.10.dr, setupupdater.exe.1.dr, is-QU5BV.tmp.10.dr, is-V4MCF.tmp.1.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: setup-lightshot 1.exe, is-1I1L2.tmp.1.dr, is-NJRC2.tmp.1.dr, is-Q717B.tmp.1.dr, is-5TND1.tmp.1.dr, is-A5GK1.tmp.1.dr, setup-lightshot 1.tmp.0.dr, is-BMVNO.tmp.1.dr, setupupdater.tmp.9.dr, is-A39OF.tmp.10.dr, setupupdater.exe.1.dr, is-QU5BV.tmp.10.dr, is-V4MCF.tmp.1.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: chromecache_186.34.dr, chromecache_175.34.drString found in binary or memory: http://twitter.com/
Source: Updater.exe, 00000018.00000002.2024101673.00000000006B4000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 0000001E.00000002.2026802401.0000000000F62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/%
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/6)
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/=
Source: Updater.exe, 00000018.00000002.2024101673.00000000006B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/E
Source: Updater.exe, 00000018.00000002.2024101673.00000000006B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/US_
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, lightshot[1].xml.30.drString found in binary or memory: http://updater.prntscr.com/builds/setup-lightshot-5.5.0.7.exe
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/builds/setup-lightshot-5.5.0.7.exe#
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/builds/setup-lightshot-5.5.0.7.exe5
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/builds/setup-lightshot-5.5.0.7.exes
Source: Updater.exe, 00000018.00000002.2024101673.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, updater[1].xml.22.dr, updater[1].xml.24.drString found in binary or memory: http://updater.prntscr.com/builds/setup-updater-1.8.0.0.exe
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/builds/setup-updater-1.8.0.0.exe0
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/builds/setup-updater-1.8.0.0.exeO
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/builds/setup-updater-1.8.0.0.exem
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F0C000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 0000001E.00000002.2026802401.0000000000F54000.00000004.00000020.00020000.00000000.sdmp, unins000.dat.1.dr, info.xml.1.dr, UserProducts.xml.28.drString found in binary or memory: http://updater.prntscr.com/getver/lightshot
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/lightshot&
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/lightshot2
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/lightshot2z
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000EF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/lightshot34C:
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/lightshotLMEMX
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/lightshotR
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/lightshotVVC:
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/lightshotb
Source: Updater.exe, 0000001C.00000002.2018984318.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/lightshotuni
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000F54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/lightshot~zg
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000018.00000002.2024101673.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, info.xml.10.dr, MachineProducts.xml.20.drString found in binary or memory: http://updater.prntscr.com/getver/updater
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updater-
Source: Updater.exe, 00000018.00000002.2024101673.00000000006B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updater4
Source: Updater.exe, 00000018.00000002.2024101673.00000000006B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updater40
Source: Updater.exe, 00000016.00000002.2018866086.0000000000D88000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2018689264.0000000000CE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updater?ping=true
Source: Updater.exe, 00000016.00000002.2018866086.0000000000D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updater?ping=true9
Source: Updater.exe, 00000015.00000002.1965630267.00000000012D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updater?ping=truek3
Source: Updater.exe, 00000016.00000002.2018866086.0000000000DE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updater?ping=truex9
Source: Updater.exe, 00000018.00000002.2024101673.00000000006A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updaterC:
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updaterCon
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updaterI
Source: Updater.exe, 00000018.00000002.2024101673.00000000006B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updateral
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updatere
Source: Updater.exe, 00000014.00000002.2019298918.0000000000B08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updaterj
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updaterq
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updateru
Source: Updater.exe, 00000018.00000002.2024101673.000000000066D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updater.prntscr.com/getver/updaterz
Source: Updater.exeString found in binary or memory: http://updater.skillbrains.com/machine.xml
Source: setupupdater.tmp, 0000000A.00000003.1966583875.0000000005DE0000.00000004.00001000.00020000.00000000.sdmp, Updater.exe, 00000010.00000000.1942727683.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000010.00000002.1954397813.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000014.00000002.2018945693.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000014.00000000.1956742873.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000016.00000000.1960928619.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000016.00000002.2018369560.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000018.00000000.1968421177.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000018.00000002.2024612113.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001A.00000002.1983196279.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001A.00000000.1981811985.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001C.00000000.1984569546.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001C.00000002.2018286305.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001E.00000000.1994043299.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001E.00000002.2026488455.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, is-QU5BV.tmp.10.drString found in binary or memory: http://updater.skillbrains.com/machine.xmlhttp://updater.skillbrains.com/user.xmlChecking
Source: Updater.exeString found in binary or memory: http://updater.skillbrains.com/user.xml
Source: setup-lightshot 1.exe, 00000000.00000003.2109288878.0000000000940000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.exe, 00000000.00000003.1728264426.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.1731784002.0000000003200000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2087336595.000000000349E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.adilyildiz.com.tr%1
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: setup-lightshot 1.exe, 00000000.00000003.2105416556.00000000026C2000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.exe, 00000000.00000003.1728264426.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.1731784002.0000000003200000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2087336595.000000000349E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.bernamegeh.net%1
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: setup-lightshot 1.exe, 00000000.00000003.2109288878.0000000000940000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.exe, 00000000.00000003.1728264426.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2089150359.00000000021F0000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.1731784002.0000000003200000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: Lightshot.exe, 00000008.00000003.2083546580.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084152861.000000000336C000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084713849.000000000336C000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2085299580.0000000003379000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084450149.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: Lightshot.exe, 00000008.00000003.2084152861.000000000336C000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084713849.000000000336C000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084450149.0000000003373000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/jp/h
Source: Lightshot.exe, 00000008.00000003.1970496282.000000000337B000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.1975331249.000000000337B000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: setup-lightshot 1.exe, 00000000.00000003.2109288878.0000000000940000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.exe, 00000000.00000003.1728264426.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2086605077.0000000003614000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2089150359.000000000226A000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2087336595.000000000348F000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.1731784002.0000000003200000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2087336595.000000000344D000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.google-analytics.com/__utm.gif?&utmn=
Source: setup-lightshot 1.tmp, 00000001.00000003.2092281565.00000000007DA000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000002.2100760361.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2085245188.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2092281565.00000000007AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/__utm.gif?&utmn=1090119&utmwv=4.4sh&utmp=Lightshot/Install
Source: setup-lightshot 1.tmp, 00000001.00000003.2085069769.0000000000849000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000002.2101647090.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/__utm.gif?&utmn=1090119&utmwv=4.4sh&utmp=Lightshot/Install%20version
Source: setup-lightshot 1.tmp, 00000001.00000003.2091538525.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2085245188.00000000037CA000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2085069769.0000000000849000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2092281565.00000000007DA000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000002.2101647090.000000000084E000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000002.2102521073.00000000037CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/__utm.gif?&utmn=2154796&utmwv=4.4sh&utmp=Lightshot/General
Source: setup-lightshot 1.tmp, 00000001.00000003.2085245188.00000000037CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/__utm.gif?&utmn=2154796&utmwv=4.4sh&utmp=Lightshot/General%20Install
Source: setup-lightshot 1.tmp, 00000001.00000003.2092281565.00000000007DA000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2087336595.000000000340E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/__utm.gif?&utmn=4162002&utmwv=4.4sh&utmp=Lightshot/Language/english&
Source: Updater.exeString found in binary or memory: http://www.google-analytics.com/__utm.gif?utmwv=4.4sh
Source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, Lightshot.exe, 00000008.00000000.1900232423.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, Lightshot.exe, 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp, setupupdater.tmp, 0000000A.00000003.1966583875.0000000005DE0000.00000004.00001000.00020000.00000000.sdmp, Updater.exe, 00000010.00000000.1942727683.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000010.00000002.1954397813.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000014.00000002.2018945693.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000014.00000000.1956742873.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000016.00000000.1960928619.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000016.00000002.2018369560.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000018.00000000.1968421177.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000018.00000002.2024612113.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001A.00000002.1983196279.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001A.00000000.1981811985.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001C.00000000.1984569546.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001C.00000002.2018286305.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001E.00000000.1994043299.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001E.00000002.2026488455.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Lightshot.exe, 
00000020.00000002.2021598587.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, Lightshot.exe, 00000020.00000000.2019458088.0000000000FBA000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.google-analytics.com/__utm.gif?utmwv=4.4sh&utmac=&utmp=%2F.&utmcc=__utma%3D1.&utmn=-bit&u
Source: Updater.exe, 00000014.00000002.2019482560.0000000000B62000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 0000001C.00000002.2018984318.0000000000D52000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 0000001C.00000002.2018984318.0000000000CF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/__utm.gif?utmwv=4.4sh&utmac=UA-38715315-1&utmp=%2FUpdater%2Fusr%2FAd
Source: Updater.exe, 00000016.00000002.2018866086.0000000000E02000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2018866086.0000000000DF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/__utm.gif?utmwv=4.4sh&utmac=UA-38715315-1&utmp=%2FUpdater%2Fusr%2FPi
Source: setup-lightshot 1.exe, 00000000.00000003.2109288878.0000000000940000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.exe, 00000000.00000003.1728264426.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.1731784002.0000000003200000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2087336595.000000000349E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.haysoft.org%1-k
Source: setup-lightshot 1.exe, 00000000.00000003.1728945109.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.exe, 00000000.00000003.1729384305.000000007FCD0000.00000004.00001000.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000000.1730462641.0000000000401000.00000020.00000001.01000000.00000004.sdmp, setupupdater.exe, 00000009.00000003.1903784482.0000000002380000.00000004.00001000.00020000.00000000.sdmp, setupupdater.exe, 00000009.00000003.1904214885.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, setupupdater.tmp, 0000000A.00000000.1905986524.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, is-5TND1.tmp.1.dr, setup-lightshot 1.tmp.0.dr, setupupdater.tmp.9.drString found in binary or memory: http://www.innosetup.com/
Source: Lightshot.exe, 00000008.00000003.2082927253.000000000336A000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2085299580.0000000003379000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084450149.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2985878473.00000000044D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Lightshot.exe, 00000008.00000003.2076393306.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2082698245.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2078047904.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2077474913.000000000336C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/&z
Source: Lightshot.exe, 00000008.00000003.2083546580.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084152861.000000000336C000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084713849.000000000336C000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084450149.0000000003373000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/2
Source: Lightshot.exe, 00000008.00000003.2083546580.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084152861.000000000336C000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2084450149.0000000003373000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/9
Source: Lightshot.exe, 00000008.00000003.2076393306.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2082698245.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2078047904.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2077474913.000000000336C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/M
Source: Lightshot.exe, 00000008.00000003.2083125560.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2083546580.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2082698245.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2082927253.000000000336A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: Lightshot.exe, 00000008.00000003.2083125560.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2082698245.0000000003372000.00000004.00000020.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000003.2082927253.000000000336A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0/
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 93.158.134.119:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 93.158.134.119:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 93.158.134.119:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 93.158.134.119:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 93.158.134.119:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:56535 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:56540 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:56594 version: TLS 1.2
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe | Code function: 8_2_6CF28860 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe | Code function: 8_2_6F83CA70 OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,EndDialog,MessageBeep
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe | Code function: 8_2_00F932B0 GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,SetWindowTextW
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe | Code function: 8_2_00F8EFD0 CryptAcquireContextW,CryptImportKey
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe | Code function: 8_2_6CF279F0 CryptAcquireContextW,CryptImportKey
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe | Code function: 16_2_008FD5C0 WTSGetActiveConsoleSessionId,WTSQueryUserToken,_memset,CreateProcessAsUserW,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe | File created: C:\Windows\Tasks\update-sys.job
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe | File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\1[1].gif
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe | File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\updater[1].xml
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe | File created: C:\Windows\Tasks\update-S-1-5-21-2246122658-3693405117-2476756634-1002.job
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe | File deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\1[1].gif
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_003F6DA719_2_003F6DA7
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_00408D9519_2_00408D95
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_00428F1F19_2_00428F1F
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_00408FC419_2_00408FC4
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_0042AF9E19_2_0042AF9E
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_004210F019_2_004210F0
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_0040922119_2_00409221
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_0042B3D319_2_0042B3D3
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_0040948D19_2_0040948D
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_0042163019_2_00421630
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_004096EA19_2_004096EA
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_0042B80819_2_0042B808
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_0040994719_2_00409947
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_00421AE019_2_00421AE0
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_00409BB319_2_00409BB3
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_0041FC7419_2_0041FC74
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_0095C3B820_2_0095C3B8
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_0094460720_2_00944607
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_0095CA6B20_2_0095CA6B
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_00924D6020_2_00924D60
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_00930F4220_2_00930F42
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_00929A9A20_2_00929A9A
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_00941DE420_2_00941DE4
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_0095E5E520_2_0095E5E5
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_0092672720_2_00926727
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_008F287020_2_008F2870
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_008F6D3020_2_008F6D30
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_0092B61020_2_0092B610
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_008DF9A020_2_008DF9A0
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_008EBBF020_2_008EBBF0
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_0095BE4620_2_0095BE46
Source: setup-lightshot 1.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: setup-lightshot 1.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-5TND1.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-5TND1.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: setupupdater.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: setupupdater.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: setup-lightshot 1.exe, 00000000.00000003.1728945109.0000000002541000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs setup-lightshot 1.exe
Source: setup-lightshot 1.exe, 00000000.00000003.1729384305.000000007FE3D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs setup-lightshot 1.exe
Source: setup-lightshot 1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engineClassification label: clean10.evad.winEXE@64/253@24/9
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeCode function: 7_2_00E53820 CoCreateInstance,7_2_00E53820
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeCode function: 7_2_00E544A0 LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary,7_2_00E544A0
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1456:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4408:120:WilError_03
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeMutant created: \Sessions\1\BaseNamedObjects\LightshotStandAloneAppMainMutex
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5628:120:WilError_03
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeMutant created: \BaseNamedObjects\Skillbrains_Updarer_CMDARG_RUNMODE_CHECKUPDATE
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeMutant created: \Sessions\1\BaseNamedObjects\Skillbrains_Updarer_CMDARG_RUNMODE_CHECKUPDATE
Source: C:\Users\user\Desktop\setup-lightshot 1.exeFile created: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp
Source: C:\Users\user\Desktop\setup-lightshot 1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "lightshot.exe")
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "lightshot.exe")
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "lightshot.exe")
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\setup-lightshot 1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: Updater.exeString found in binary or memory: InstallerManager/Installed
Source: setup-lightshot 1.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\setup-lightshot 1.exeFile read: C:\Users\user\Desktop\setup-lightshot 1.exe
Source: unknownProcess created: C:\Users\user\Desktop\setup-lightshot 1.exe "C:\Users\user\Desktop\setup-lightshot 1.exe"
Source: C:\Users\user\Desktop\setup-lightshot 1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp "C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp" /SL5="$10412,2148280,486912,C:\Users\user\Desktop\setup-lightshot 1.exe"
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im lightshot.exe
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "taskkill.exe" /F /IM lightshot.exe
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess created: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe "C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeProcess created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe "C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe"
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe "C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent
Source: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exeProcess created: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp "C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp" /SL5="$80080,490430,120832,C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" START SCHEDULE
Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 START SCHEDULE
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess created: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=addsystask
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess created: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml"
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeProcess created: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml"
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess created: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true"
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeProcess created: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true"
Source: unknownProcess created: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=checkupdate
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeProcess created: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=checkupdate
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess created: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addtask
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeProcess created: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addtask
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess created: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml"
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeProcess created: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml"
Source: unknownProcess created: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=checkupdate
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=checkupdate
Source: unknownProcess created: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe "C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeProcess created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe "C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe"
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://app.prntscr.com/thankyou_desktop.html#install_source=default
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1888,i,7167525600281717774,4743937817464806075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\setup-lightshot 1.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\setup-lightshot 1.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: d3dx9_32.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\net.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\net.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\SysWOW64\net.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\net.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\net.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\net.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\net1.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\SysWOW64\net1.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\net1.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\SysWOW64\net1.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\net1.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\SysWOW64\net1.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mstask.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mpr.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: netutils.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: schannel.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: vcruntime140.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: vcruntime140.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mstask.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mpr.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeSection loaded: vcruntime140.dll
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Uninstall Lightshot.lnk.1.drLNK file: ..\..\..\..\..\..\Program Files (x86)\Skillbrains\lightshot\unins000.exe
Source: Lightshot.lnk.1.drLNK file: ..\..\..\..\..\..\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpWindow found: window name: TSelectLanguageForm
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpAutomated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpAutomated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Copyright 2009-2020 Skillbrains. All rights reserved.User is not allowed to upload anything that can be remotely construed as porn copyrighted material harassment or spam. The following types of files constitute "abuse" and may not be uploaded under any circumstances: 1. Pornography adult or mature content 2. Violent content 3. Content related to racial intolerance or advocacy against any individual group or organisation 4. Excessive profanity 5. Hacking/cracking content 6. Illicit drugs and drug paraphernalia content 7. Sales of beer or hard alcohol 8. Sales of tobacco or tobacco-related products 9. Sales of prescription drugs 10. Sales of weapons or ammunition (e.g. firearms firearm components fighting knives stun guns. 11. Sales of products that are replicas or imitations of designer or other goods 12. Sales or distribution of coursework or student essays 13. Content regarding programs which compensate users for clicking ads or offers performing searches surfing websites or reading emails 14. Any other content that is illegal promotes illegal activity or infringes on the legal rights of othersRedistribution in binary forms without modification are permitted provided that the following conditions are met: 1. Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 2. Redistributions should have linkback to app.prntscr.com website. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the Skillbrains. 
THIS SOFTWARE IS PROVIDED BY SKILLBRAINS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SKILLBRAINS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE DATA OR PROFITS; OR BUSINESS INTERRUPTION. HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE. ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.I &accept the agreementI &do not accept the agreement&Next >Cancel
Source: setup-lightshot 1.exeStatic PE information: certificate valid
Source: setup-lightshot 1.exeStatic file information: File size 2786328 > 1048576
Source: setup-lightshot 1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Dev\skillbrains\lightshot-windows-app\Screenshot\StandAloneApp\Release\net.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, is-V4MCF.tmp.1.dr
Source: Binary string: D:\sources\lightshot\DeployingSystem\Starter\Starter\Release\Starter.pdb source: setupupdater.tmp, 0000000A.00000003.1966583875.0000000005DE0000.00000004.00001000.00020000.00000000.sdmp, Updater.exe, 00000013.00000002.1957009525.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000013.00000000.1956022104.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000015.00000000.1959277201.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000015.00000002.1964643190.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000017.00000002.1968683385.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000017.00000000.1966208614.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000019.00000000.1981206795.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 00000019.00000002.1982103928.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 0000001B.00000002.1985104572.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 0000001B.00000000.1983782111.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 0000001D.00000002.1995033659.000000000042E000.00000002.00000001.01000000.00000010.sdmp, Updater.exe, 0000001D.00000000.1991436692.000000000042E000.00000002.00000001.01000000.00000010.sdmp, is-A39OF.tmp.10.dr
Source: Binary string: D:\Dev\skillbrains\lightshot-windows-app\Screenshot\StandAloneApp\Release\Lightshot_exe.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, Lightshot.exe, 00000008.00000000.1900232423.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, Lightshot.exe, 00000020.00000002.2021598587.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, Lightshot.exe, 00000020.00000000.2019458088.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp, is-NJRC2.tmp.1.dr
Source: Binary string: D:\Dev\skillbrains\lightshot-windows-app\Screenshot\StandAloneApp\Release\Lightshot.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp, is-A5GK1.tmp.1.dr
Source: Binary string: D:\Dev\skillbrains\lightshot-windows-app\Screenshot\StandAloneApp\Release\curl_uploader.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp, is-BMVNO.tmp.1.dr
Source: Binary string: C:\BuildAgent\work\a197c1fa8a223363\downloader\Release\downloader.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.0000000006680000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\sources\lightshot\DeployingSystem\Updater\bin\1.0.0.0\Updater.pdb source: setupupdater.tmp, 0000000A.00000003.1966583875.0000000005DE0000.00000004.00001000.00020000.00000000.sdmp, Updater.exe, 00000010.00000000.1942727683.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000010.00000002.1954397813.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000014.00000002.2018945693.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000014.00000000.1956742873.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000016.00000000.1960928619.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000016.00000002.2018369560.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000018.00000000.1968421177.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 00000018.00000002.2024612113.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001A.00000002.1983196279.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001A.00000000.1981811985.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001C.00000000.1984569546.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001C.00000002.2018286305.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001E.00000000.1994043299.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, Updater.exe, 0000001E.00000002.2026488455.0000000000972000.00000002.00000001.01000000.0000000E.sdmp, is-QU5BV.tmp.10.dr
Source: Binary string: D:\Dev\skillbrains\lightshot-windows-app\Screenshot\StandAloneApp\Release\DXGIODScreenshot.pdb source: setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, Lightshot.exe, 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp, is-1I1L2.tmp.1.dr
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeCode function: 7_2_00E5FC2F LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,7_2_00E5FC2F
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exeCode function: 7_2_00E587E9 push ecx; ret 7_2_00E587FC
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00FA11E6 push ecx; ret 8_2_00FA11F9
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_00FB974F push esp; ret 8_2_00FB9759
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6CF32266 push ecx; ret 8_2_6CF32279
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6F812FC6 push ecx; ret 8_2_6F812FD9
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeCode function: 8_2_6F848F56 push ecx; ret 8_2_6F848F69
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 16_2_00926DC5 push ecx; ret 16_2_00926DD8
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 16_2_00925C4B push ecx; ret 16_2_00925C5E
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exeCode function: 19_2_003F4426 push ecx; ret 19_2_003F4439
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_00925C4B push ecx; ret 20_2_00925C5E
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_00926DC5 push ecx; ret 20_2_00926DD8
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-1I1L2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exeFile created: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpJump to dropped file
Source: C:\Users\user\Desktop\setup-lightshot 1.exeFile created: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\net.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\is-5TND1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-V4MCF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\is-Q717B.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\DXGIODScreenshot.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-A5GK1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpFile created: C:\Users\user\AppData\Local\Temp\is-S06D3.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpFile created: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpFile created: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\is-QU5BV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-BMVNO.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpFile created: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-NJRC2.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\uploader.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpFile created: C:\Program Files (x86)\Skillbrains\Updater\is-A39OF.tmpJump to dropped file
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeFile created: C:\Windows\Tasks\update-sys.job
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Uninstall Lightshot.lnk
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot.lnk
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Learn More.url
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Screenshot history.url
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Lightshot
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeCode function: 20_2_00926727 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,20_2_00926727
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\setup-lightshot 1.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-1I1L2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\net.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-V4MCF.tmp
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\DXGIODScreenshot.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-A5GK1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-S06D3.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-BMVNO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Dropped PE file which has not been started: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\uploader.dll (copy)
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_7-8191
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe API coverage: 8.9 %
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe API coverage: 6.5 %
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe API coverage: 8.6 %
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe API coverage: 5.9 %
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe API coverage: 7.8 %
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe TID: 4460 Thread sleep time: -56000s >= -30000s
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe TID: 2108 Thread sleep time: -57500s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe Code function: 7_2_00E52C10 FindFirstFileW,_DebugHeapAllocator,_DebugHeapAllocator,FindNextFileW,FindClose,7_2_00E52C10
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_00F8E1A0 PathFileExistsW,PathIsDirectoryW,FindFirstFileW,FindNextFileW,FindClose,8_2_00F8E1A0
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 16_2_008FB120 PathAddBackslashW,_wcsnlen,PathAddBackslashW,_wcsnlen,FindFirstFileW,_memcpy_s,PathAddBackslashW,_wcsnlen,FindNextFileW,FindClose,16_2_008FB120
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 16_2_008FD200 FindFirstFileW,FindNextFileW,RemoveDirectoryW,FindNextFileW,RemoveDirectoryW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,16_2_008FD200
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 16_2_008FB7D0 PathAddBackslashW,_wcsnlen,PathAddBackslashW,_wcsnlen,FindFirstFileW,FindNextFileW,FindClose,_free,16_2_008FB7D0
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: 19_2_003F1860 FindFirstFileW,FindNextFileW,FindClose,19_2_003F1860
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: 19_2_00418E52 FindFirstFileExW,19_2_00418E52
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: 19_2_00418E27 FindFirstFileExA,19_2_00418E27
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 20_2_008FD200 FindFirstFileW,FindNextFileW,RemoveDirectoryW,FindNextFileW,RemoveDirectoryW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,20_2_008FD200
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 20_2_008FB120 PathAddBackslashW,_wcsnlen,PathAddBackslashW,_wcsnlen,FindFirstFileW,_memcpy_s,PathAddBackslashW,_wcsnlen,FindNextFileW,FindClose,20_2_008FB120
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 20_2_008FB7D0 PathAddBackslashW,_wcsnlen,PathAddBackslashW,_wcsnlen,FindFirstFileW,FindNextFileW,FindClose,_free,20_2_008FB7D0
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Thread delayed: delay time: 56000
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Thread delayed: delay time: 57500
Source: setup-lightshot 1.tmp, 00000001.00000003.2092281565.0000000000825000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX"|
Source: setup-lightshot 1.tmp, 00000001.00000003.2091538525.00000000037BE000.00000004.00000020.00020000.00000000.sdmp, setup-lightshot 1.tmp, 00000001.00000003.2085245188.00000000037BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn"
Source: Updater.exe, 0000001C.00000002.2018984318.0000000000D39000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW/
Source: Updater.exe, 0000001E.00000002.2026802401.0000000000EF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
Source: setup-lightshot 1.tmp, 00000001.00000003.2085245188.00000000037CA000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000014.00000003.2017953336.0000000000B48000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000014.00000002.2019482560.0000000000B49000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000014.00000002.2019482560.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000014.00000003.2017953336.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2018866086.0000000000DC3000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000016.00000002.2018866086.0000000000E02000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000018.00000002.2024101673.0000000000696000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000018.00000002.2024101673.0000000000651000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 0000001C.00000002.2018984318.0000000000D39000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 0000001C.00000002.2018984318.0000000000D66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Updater.exe, 00000014.00000003.2017953336.0000000000B48000.00000004.00000020.00020000.00000000.sdmp, Updater.exe, 00000014.00000002.2019482560.0000000000B49000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
Source: Updater.exe, 00000016.00000002.2018866086.0000000000DC3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
Source: setup-lightshot 1.tmp, 00000001.00000003.2092281565.00000000007AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\Y
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe Code function: 7_2_00E590E4 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00E590E4
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 16_2_0094CD07 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,16_2_0094CD07
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe Code function: 7_2_00E5FC2F LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,7_2_00E5FC2F
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_00FA16AD mov esi, dword ptr fs:[00000030h] 8_2_00FA16AD
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_00FAB764 mov eax, dword ptr fs:[00000030h] 8_2_00FAB764
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6CF38C5B mov eax, dword ptr fs:[00000030h] 8_2_6CF38C5B
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6CF326FD mov esi, dword ptr fs:[00000030h] 8_2_6CF326FD
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6F815D01 mov eax, dword ptr fs:[00000030h] 8_2_6F815D01
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6F847F08 mov esi, dword ptr fs:[00000030h] 8_2_6F847F08
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6F84D9A1 mov eax, dword ptr fs:[00000030h] 8_2_6F84D9A1
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: 19_2_004105C5 mov eax, dword ptr fs:[00000030h] 19_2_004105C5
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: 19_2_00410653 mov eax, dword ptr fs:[00000030h] 19_2_00410653
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe Code function: 7_2_00E61C1C GetProcessHeap,7_2_00E61C1C
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe Code function: 7_2_00E590E4 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00E590E4
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe Code function: 7_2_00E579E4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00E579E4
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe Code function: 7_2_00E612EF __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00E612EF
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe Code function: 7_2_00E5CF9E SetUnhandledExceptionFilter,7_2_00E5CF9E
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_00FA0590 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00FA0590
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_00FA0DAB IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00FA0DAB
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_00FA9E47 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00FA9E47
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_00FA0F3D SetUnhandledExceptionFilter,8_2_00FA0F3D
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6CF37D2F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6CF37D2F
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6CF31ED7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6CF31ED7
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6CF315E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_6CF315E0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6F812E5D IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6F812E5D
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6F812D3A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_6F812D3A
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6F81575D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6F81575D
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6F848DED IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6F848DED
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6F84BB7E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6F84BB7E
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_6F8488BD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_6F8488BD
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 16_2_00926A67 SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_00926A67
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: 19_2_003F41EF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_003F41EF
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: 19_2_003FC2B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_003FC2B3
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: 19_2_003F4384 SetUnhandledExceptionFilter,19_2_003F4384
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: 19_2_003F443B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_003F443B
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 20_2_00926A36 SetUnhandledExceptionFilter,20_2_00926A36
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 20_2_00926A67 SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_00926A67
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im lightshot.exe
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Process created: C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe "C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Process created: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addtask
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://app.prntscr.com/thankyou_desktop.html#install_source=default
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp Process created: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml"
Source: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp Process created: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe "C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true"
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 START SCHEDULE
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im lightshot.exe
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Process created: C:\Windows\SysWOW64\taskkill.exe "taskkill.exe" /F /IM lightshot.exe
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: 16_2_008FAF60 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,16_2_008FAF60
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe Code function: 8_2_00FA0FE8 cpuid 8_2_00FA0FE8
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe Code function: GetLocaleInfoA,7_2_00E61406
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: EnumSystemLocalesW,19_2_0041E041
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,19_2_0041E0CE
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: GetLocaleInfoW,19_2_0041E31E
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,19_2_0041E447
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: GetLocaleInfoW,19_2_0041E54E
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,19_2_0041E61B
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: EnumSystemLocalesW,19_2_00417386
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: EnumSystemLocalesW,19_2_004174EE
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: EnumSystemLocalesW,19_2_004174A2
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,19_2_0041DCC5
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: GetLocaleInfoW,19_2_00417DD6
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: EnumSystemLocalesW,19_2_0041DF3D
Source: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Code function: EnumSystemLocalesW,19_2_0041DFA6
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,20_2_0094C8C5
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe Code function: GetLocaleInfoW,20_2_0094CB0E
Source: C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe; Code function: 7_2_00E5D72D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,7_2_00E5D72D
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe; Code function: 16_2_008FF530 GetUserNameW,16_2_008FF530
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe; Code function: 8_2_00F90300 GetVersionExW,8_2_00F90300
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe; Code function: 8_2_00F81180 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,8_2_00F81180
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe; Code function: 8_2_00F812E0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,8_2_00F812E0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe; Code function: 8_2_00F81230 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,8_2_00F81230
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe; Code function: 8_2_6CF21AB0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,8_2_6CF21AB0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe; Code function: 8_2_6F8117C0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,8_2_6F8117C0
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe; Code function: 8_2_6F811540 TakeScreenshotExp,__ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,8_2_6F811540
Source: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe; Code function: 8_2_6F8319C0 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,8_2_6F8319C0
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe; Code function: 16_2_0094F4F3 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,16_2_0094F4F3
Source: C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe; Code function: 20_2_0094F4F3 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,20_2_0094F4F3
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact |
| Credentials | Domains | Default Accounts | 3 Native API | 1 Valid Accounts | 1 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 11 Input Capture | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | 11 Registry Run Keys / Startup Folder | 11 Process Injection | 1 DLL Side-Loading | NTDS | 45 System Information Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Scheduled Task/Job | 1 File Deletion | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 11 Registry Run Keys / Startup Folder | 12 Masquerading | Cached Domain Credentials | 31 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Valid Accounts | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 12 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 3 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
[Behavior graph not reproduced] Behavior Graph ID: 1520341, Sample: setup-lightshot 1.exe, Startdate: 27/09/2024, Architecture: WINDOWS, Score: 10

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| setup-lightshot 1.exe | 8% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe (copy) | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\is-QU5BV.tmp | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (copy) | 5% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\Updater\is-A39OF.tmp | 5% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\DXGIODScreenshot.dll (copy) | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.dll (copy) | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe (copy) | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-1I1L2.tmp | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-A5GK1.tmp | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-BMVNO.tmp | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-NJRC2.tmp | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-V4MCF.tmp | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\net.dll (copy) | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\uploader.dll (copy) | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (copy) | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\is-5TND1.tmp | 2% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\is-Q717B.tmp | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe (copy) | 2% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp | 3% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe | 2% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-S06D3.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp | 2% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
http://updater.prntscr.com/=0%Avira URL Cloudsafe
http://app.prntscr.com/bs/thankyou_desktop.html0%Avira URL Cloudsafe
http://updater.prntscr.com/E0%Avira URL Cloudsafe
http://updater.prntscr.com/getver/updater-0%Avira URL Cloudsafe
https://st.prntscr.com/2023/07/24/0635/img/icon-facebook_gscale.png0%Avira URL Cloudsafe
https://api.prntscr.com/v1.1/useridDetachRequestDoneXBD0%Avira URL Cloudsafe
http://app.prntscr.com/tr/about-gallery.html1_0%Avira URL Cloudsafe
http://www.fontbureau.com/jp/h0%Avira URL Cloudsafe
http://app.prntscr.com/uk/learnmore.html0%Avira URL Cloudsafe
http://app.prntscr.com/et/thankyou_desktop.html0%Avira URL Cloudsafe
https://yandex.com.tr/legal/browser_agreement/0%Avira URL Cloudsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                  • Avira URL Cloud: safe
                  unknown
                  https://yandex.com.tr/legal/browser_agreement/setup-lightshot 1.tmp, 00000001.00000003.2077553501.00000000066DC000.00000004.00001000.00020000.00000000.sdmp, is-QUFDK.tmp.1.drfalse
                  • Avira URL Cloud: safe
                  unknown
                  http://app.prntscr.com/tr/about-gallery.html1_setup-lightshot 1.tmp, 00000001.00000003.2089150359.00000000022B5000.00000004.00001000.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  unknown
                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.184.196 | www.google.com | United States | 15169 | GOOGLEUS | false
104.23.140.12 | updater.prntscr.com | United States | 13335 | CLOUDFLARENETUS | false
104.23.139.12 | app.prntscr.com | United States | 13335 | CLOUDFLARENETUS | false
104.16.80.73 | unknown | United States | 13335 | CLOUDFLARENETUS | false
93.158.134.119 | mc.yandex.ru | Russian Federation | 13238 | YANDEXRU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
104.16.79.73 | static.cloudflareinsights.com | United States | 13335 | CLOUDFLARENETUS | false
                  IP
                  192.168.2.4
                  192.168.2.5
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1520341
Start date and time: 2024-09-27 08:29:03 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 0s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 39
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: setup-lightshot 1.exe
Detection: CLEAN
Classification: clean10.evad.winEXE@64/253@24/9
EGA Information:
• Successful, ratio: 83.3%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 67
• Number of non-executed functions: 381
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 172.217.23.110, 199.232.214.172, 192.229.221.95, 93.184.221.240, 142.250.184.227, 142.250.185.206, 64.233.166.84, 34.104.35.123, 142.250.185.168, 142.250.186.174, 142.250.185.238, 142.250.186.168, 172.217.18.99, 172.217.18.110
                  • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, www.googletagmanager.com, update.googleapis.com, clients.l.google.com, www.google-analytics.com
                  • Execution Graph export aborted for target setup-lightshot 1.tmp, PID 7044 because there are no executed function
                  • Not all processes where analyzed, report is missing behavior information
                  • Report creation exceeded maximum time and may have missing disassembly code information.
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • VT rate limit hit for: setup-lightshot 1.exe
Time | Type | Description
02:30:24 | API Interceptor | 2x Sleep call for process: Updater.exe modified
07:30:19 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Lightshot C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
07:30:23 | Task Scheduler | Run new task: update-sys path: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe s>-runmode=checkupdate
07:30:26 | Task Scheduler | Run new task: update-S-1-5-21-2246122658-3693405117-2476756634-1002 path: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe s>-runmode=checkupdate
Input | Output
                  URL: https://app.prntscr.com/en/thankyou_desktop.html#install_source=default Model: jbxai
                  {
                  "brand":["LightShot"],
                  "contains_trigger_text":false,
                  "trigger_text":"",
                  "prominent_button_name":"unknown",
                  "text_input_field_labels":["Print Screen",
                  "keyboard",
                  "Upload an image and share it with your friends"],
                  "pdf_icon_visible":false,
                  "has_visible_captcha":false,
                  "has_urgent_text":false,
                  "has_visible_qrcode":false}
Process: C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 875160
Entropy (8bit): 6.524839226424313
Encrypted: false
SSDEEP: 24576:Nqfz6nVuOJTKkPxeJ8kdJE1XM3h4qXy8J:QzypOZzB3htC8J
MD5: FBE0664E1C333E36E3CE73D8BD5CC8A1
SHA1: D7F284E9A8D3A3B5A832C37B58382000B583FBC1
SHA-256: C4CE15B1BC8ADECBF20A655256AAB267C1D72E7A33947598AF48EA287CCA5670
SHA-512: 7B7E34AA69E2E92590B79D2B9C9FD095D15FC5A2943335D0F59CDEE15083A8BB1A66B669615CE716BB714A59A1BE54E8FEA88A5889BFA8E0371E7EB8902FA555
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6...WbQ.WbQ.WbQ...Q.WbQ...Q.WbQ...Q.WbQ...Q.WbQ./.Q.WbQ./.Q.WbQ.WcQvWbQ...Q.WbQ...Q.WbQ.W.Q.WbQ...Q.WbQRich.WbQ........PE..L......X.............................[....... ....@.......................................@..................................Q..,........)...........D.......0..`~...$..8............................\..@............ ..`............................text............................... ..`.rdata...E... ...F..................@..@.data........p...L...N..............@....rsrc....).......*..................@..@.reloc..`~...0......................@..B................................................................................................................................................................................................................................................................................................................
                                                            Process:C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):875160
                                                            Entropy (8bit):6.524839226424313
                                                            Encrypted:false
                                                            SSDEEP:24576:Nqfz6nVuOJTKkPxeJ8kdJE1XM3h4qXy8J:QzypOZzB3htC8J
                                                            MD5:FBE0664E1C333E36E3CE73D8BD5CC8A1
                                                            SHA1:D7F284E9A8D3A3B5A832C37B58382000B583FBC1
                                                            SHA-256:C4CE15B1BC8ADECBF20A655256AAB267C1D72E7A33947598AF48EA287CCA5670
                                                            SHA-512:7B7E34AA69E2E92590B79D2B9C9FD095D15FC5A2943335D0F59CDEE15083A8BB1A66B669615CE716BB714A59A1BE54E8FEA88A5889BFA8E0371E7EB8902FA555
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:XML 1.0 document, ASCII text, with very long lines (373), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):373
                                                            Entropy (8bit):4.867857443132644
                                                            Encrypted:false
                                                            SSDEEP:6:TM3i0brKdW9E5N/RmsRugeX4sR9gNGGRfJ52OYh4iLEWFHiUaPfMPjSKy909aEkm:TM3i0bh9iFjaXNR9gwu2bBL1FHiU0fMj
                                                            MD5:C09CC520F19DF1BB59AC85EE57CD24EA
                                                            SHA1:FD5F46677BF1786A54F153201581728E96957609
                                                            SHA-256:27BF875E572455AAADE46C5BC19CA253BD651EFD7BCB4A48A0054D2EA6A55DEF
                                                            SHA-512:249380175CCAD2EC4E76CC7F3B11ACFAF48F170F40EA0CBA900D6EFC430D69DA4FB203B89E1BDDDCF58FB5EC4233915621054D63B6AF246541683DBB7EF69BD6
                                                            Malicious:false
                                                            Preview:<?xml version='1.0' encoding='UTF-8'?><products><product friendlyname='Skillbrains Updater!' installurl='' intname='updater' needadmin='yes' productdir='C:\Program Files (x86)\Skillbrains\Updater' uninstall='' updateurl='http://updater.prntscr.com/getver/updater' version='1.8.0.0'><registryactions></registryactions><unistallactions></unistallactions></product></products>
                                                            Process:C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):414872
                                                            Entropy (8bit):5.674322626128572
                                                            Encrypted:false
                                                            SSDEEP:6144:DOZRCk/KipyIRx07QQSjHmWF2HJkz2IdbhcmBKT8bNbJ:iyk/VyIRMQQSjGW4HJY4TCNbJ
                                                            MD5:3EC8F4BD54EF439A8FAB6467122DA0C4
                                                            SHA1:EE2E65CBBAA22DB70D89B85DB28EE955D4DB12F9
                                                            SHA-256:A5E3BDC3B0B0BD6455892E23008161B5478B24F4FE1801F43A8A01CFFF1BCBA7
                                                            SHA-512:0F50CE35241D5D55F0F3BAE6FB38DE39213A48D356478EFAC76C0292B286B58DDB855E130FD03BDF3CD63E141AA14FFD5318671E9885B2C17411F8BA3ABA6189
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp
                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):276
                                                            Entropy (8bit):5.043696768304233
                                                            Encrypted:false
                                                            SSDEEP:6:JiMVBd/hd+hLNQGRQ52OYsBLHlZ/LJJBsRDhUaPfMxSETyRu:MMHdkLNm2yHPLqlG0fMxfy0
                                                            MD5:466B19BC0B21FE6667778A0C114A9D25
                                                            SHA1:3B930A9A836F39467B7BFCE4A35499FEF7803C36
                                                            SHA-256:EFCE940E2E2504326DCE91E1112DC19C31A9DE49F0FC34886389D36997594EF0
                                                            SHA-512:1D995818BED8C356AA691EF19A6CE3DF54C2FA08C086304F32B0F963934CA6402F1890BDD376D2CB411C58561E3740B73125A4CF0187FF49172D57B3B712028A
                                                            Malicious:false
                                                            Preview:.<?xml version="1.0" encoding="UTF-8"?>..<product intname="updater" productdir="C:\Program Files (x86)\Skillbrains\Updater" uninstall="" friendlyname="Skillbrains Updater!" updateurl="http://updater.prntscr.com/getver/updater" version="1.8.0.0" needadmin="yes" ></product>..
                                                            Process:C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):414872
                                                            Entropy (8bit):5.674322626128572
                                                            Encrypted:false
                                                            SSDEEP:6144:DOZRCk/KipyIRx07QQSjHmWF2HJkz2IdbhcmBKT8bNbJ:iyk/VyIRMQQSjGW4HJY4TCNbJ
                                                            MD5:3EC8F4BD54EF439A8FAB6467122DA0C4
                                                            SHA1:EE2E65CBBAA22DB70D89B85DB28EE955D4DB12F9
                                                            SHA-256:A5E3BDC3B0B0BD6455892E23008161B5478B24F4FE1801F43A8A01CFFF1BCBA7
                                                            SHA-512:0F50CE35241D5D55F0F3BAE6FB38DE39213A48D356478EFAC76C0292B286B58DDB855E130FD03BDF3CD63E141AA14FFD5318671E9885B2C17411F8BA3ABA6189
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 5%
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:Unicode text, UTF-8 text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):3
                                                            Entropy (8bit):1.584962500721156
                                                            Encrypted:false
                                                            SSDEEP:3:g:g
                                                            MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA
                                                            SHA1:57218C316B6921E2CD61027A2387EDC31A2D9471
                                                            SHA-256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
                                                            SHA-512:37C783B80B1D458B89E712C2DFE2777050EFF0AEFC9F6D8BEEDEE77807D9AEB2E27D14815CF4F0229B1D36C186BB5F2B5EF55E632B108CC41E9FB964C39B42A5
                                                            Malicious:false
                                                            Preview:.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):95656
                                                            Entropy (8bit):6.415071063495964
                                                            Encrypted:false
                                                            SSDEEP:1536:tBT+lkTh/lku5SaO/Wrih+m9CnKG6AQFGWks8jcdFMAGjORgOPZuiY:tUylku4tVQDL6AiBcjOWOx8
                                                            MD5:25C632CD2F529BA142FA706205AC00C9
                                                            SHA1:495B777348D26E5FA75DFBF6B50498428FE7748B
                                                            SHA-256:6ACDCD817CC5DF637AA4CD101C25C9E0A69C778347A7A40CE7511EEEA26FD6F0
                                                            SHA-512:606E9856EB8153F9DAB7F4C23FF967B2D9CE9FCF1902823A424CA4B4EE0A4F1A95BFDD316356DD65831C494F7E74EC4562BF684AB6A20C3376ABEF8FF10F6C7A
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):502696
                                                            Entropy (8bit):7.389939877593927
                                                            Encrypted:false
                                                            SSDEEP:6144:KRw0/kvcmZeLud73D1Rcs+cjGl7AR5MyBAqc0x61QZX5z7n:K+EUeLe3D16d7AXJOYxvlZ7n
                                                            MD5:F256A9C7E68A249FE760019D19C022CE
                                                            SHA1:5A6279EF4F82270B756053CD34BBA96D7FE0CE05
                                                            SHA-256:04A27F0D1E89341722461119E00A10E00EC2A52F5E305961161EC4378E610E93
                                                            SHA-512:A97F1CD4554D59EE0D69DF6EBFC234E025C5E6E64C057F28C62F3743C8CCF8B502CE3EAFC437A34A492B6B590FE62591293E551D0E7DB5B6036890A64E6D8DE9
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):499624
                                                            Entropy (8bit):6.110809334310596
                                                            Encrypted:false
                                                            SSDEEP:12288:cl1dT6lwApgXttZmPdsfkmDU3pRQa/JSQE:Q1d0wVmPdsfkP3zQa/JSH
                                                            MD5:1E1C83B9680029AD4A9F8D3B3AC93197
                                                            SHA1:FA7B69793454131A5B21B32867533305651E2DD4
                                                            SHA-256:0B899508777D7ED5159E2A99A5EFF60C54D0724493DF3D630525B837FA43AA51
                                                            SHA-512:FE6F8DF3DBBCC7535EAD60028EC3E45801A33CCC81C9137B2288BC0D18BE42379564C907EB406CE9491F46930690EFA9A86A9F6506414992B5DBA75ADB3D1136
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):95656
                                                            Entropy (8bit):6.415071063495964
                                                            Encrypted:false
                                                            SSDEEP:1536:tBT+lkTh/lku5SaO/Wrih+m9CnKG6AQFGWks8jcdFMAGjORgOPZuiY:tUylku4tVQDL6AiBcjOWOx8
                                                            MD5:25C632CD2F529BA142FA706205AC00C9
                                                            SHA1:495B777348D26E5FA75DFBF6B50498428FE7748B
                                                            SHA-256:6ACDCD817CC5DF637AA4CD101C25C9E0A69C778347A7A40CE7511EEEA26FD6F0
                                                            SHA-512:606E9856EB8153F9DAB7F4C23FF967B2D9CE9FCF1902823A424CA4B4EE0A4F1A95BFDD316356DD65831C494F7E74EC4562BF684AB6A20C3376ABEF8FF10F6C7A
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/ru/learnmore.html>), ASCII text
                                                            Category:dropped
                                                            Size (bytes):63
                                                            Entropy (8bit):4.303852590718637
                                                            Encrypted:false
                                                            SSDEEP:3:HRAbABGQF6FiZ7kWCGn:HRYF7Fa7kZG
                                                            MD5:2965233936B91BD8BB3D9EEAF91FA6AE
                                                            SHA1:9CD3995294970CE009A4B9B4F91CCC86C955E1DC
                                                            SHA-256:78C231231AC2C07AE87A1E3BEC5869D6568A16C66E5922AF1310B811837F8925
                                                            SHA-512:82B42EA1D4A6AE0D0C9A056BF2E1F2E21F0F5689B4C9C32F1B1975C2BAEC3B2E8BB46C31A41E88E014196B6792D4286EC170271C5E260ABFC921E18E90D1EC23
                                                            Malicious:false
                                                            Preview:[InternetShortcut].URL=http://app.prntscr.com/ru/learnmore.html
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/learnmore.html>), ASCII text
                                                            Category:dropped
                                                            Size (bytes):60
                                                            Entropy (8bit):4.306238928653388
                                                            Encrypted:false
                                                            SSDEEP:3:HRAbABGQF6FiZ7YWCGn:HRYF7Fa7YZG
                                                            MD5:61CBFB8CA48B0BE0BC4D2F3C286D5B2E
                                                            SHA1:4024015085B9058DE26A3A3739CB4C856F21A637
                                                            SHA-256:C8345F016B914C6502173CD41BF7CD23D6BE3FD6F7D8F274845FE02595538B37
                                                            SHA-512:83C2BEB29690E7BCBF4EDFD99D9576562B4D75272C5155A7E641853B29BE74420CCC098115BBD3709771CCABE6F76C5F0FF107ECBBCF2C30FA58A76480CC5393
                                                            Malicious:false
                                                            Preview:[InternetShortcut].URL=http://app.prntscr.com/learnmore.html
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):502696
                                                            Entropy (8bit):7.389939877593927
                                                            Encrypted:false
                                                            SSDEEP:6144:KRw0/kvcmZeLud73D1Rcs+cjGl7AR5MyBAqc0x61QZX5z7n:K+EUeLe3D16d7AXJOYxvlZ7n
                                                            MD5:F256A9C7E68A249FE760019D19C022CE
                                                            SHA1:5A6279EF4F82270B756053CD34BBA96D7FE0CE05
                                                            SHA-256:04A27F0D1E89341722461119E00A10E00EC2A52F5E305961161EC4378E610E93
                                                            SHA-512:A97F1CD4554D59EE0D69DF6EBFC234E025C5E6E64C057F28C62F3743C8CCF8B502CE3EAFC437A34A492B6B590FE62591293E551D0E7DB5B6036890A64E6D8DE9
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):220584
                                                            Entropy (8bit):6.536382959641074
                                                            Encrypted:false
                                                            SSDEEP:6144:AZpCXaiKWyj0I5q7Izq9Dd0gwjeNnQiaHv:9XaiKl4I5q7w2Dd0PjfLP
                                                            MD5:08CF9E363D79C9379CABD75382131315
                                                            SHA1:22CE1F3506FC46976F2D5DCC5A5735CE8EDE63BF
                                                            SHA-256:037EE2F3243918FFFA71B9E3FE0541245F75F89ABCAC0CCF2EA6A57020DDAAD7
                                                            SHA-512:CAB0C8A5B8596054315C69F1FF858DA1FAD89EA1E3C28D4C90411C293B6B40438E2BE67E029A51279637F2704E30903D0D4751E31FA1D1B2AF0393AF90C8907B
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):499624
                                                            Entropy (8bit):6.110809334310596
                                                            Encrypted:false
                                                            SSDEEP:12288:cl1dT6lwApgXttZmPdsfkmDU3pRQa/JSQE:Q1d0wVmPdsfkP3zQa/JSH
                                                            MD5:1E1C83B9680029AD4A9F8D3B3AC93197
                                                            SHA1:FA7B69793454131A5B21B32867533305651E2DD4
                                                            SHA-256:0B899508777D7ED5159E2A99A5EFF60C54D0724493DF3D630525B837FA43AA51
                                                            SHA-512:FE6F8DF3DBBCC7535EAD60028EC3E45801A33CCC81C9137B2288BC0D18BE42379564C907EB406CE9491F46930690EFA9A86A9F6506414992B5DBA75ADB3D1136
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):532904
                                                            Entropy (8bit):6.677919829499898
                                                            Encrypted:false
                                                            SSDEEP:12288:gPHfYd2RN8oXzSLOah1DObBVVEXMlworR2vbbc1pb1A30l0Va9e3A:gPHgbSpSUsvuVu3se3A
                                                            MD5:E68D7EAD1C2F5970541346AC8CB6F4FB
                                                            SHA1:F0E737DBF948141CF2499B0AA75C4774EF4CE2B7
                                                            SHA-256:45B2C27A4345D789287539DD82C9F85AC9324D01825F6E2E0C2CDD4C4172C038
                                                            SHA-512:11703B51D4DC40ED8EF0E502662055127D2A1C34E0FA09C204CEEFEE3DB6E7C567F519526E7794801AB7CB921BF29CC10E67C3C34426D2B1797080B52C748B4D
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/learnmore.html>), ASCII text
                                                            Category:dropped
                                                            Size (bytes):60
                                                            Entropy (8bit):4.306238928653388
                                                            Encrypted:false
                                                            SSDEEP:3:HRAbABGQF6FiZ7YWCGn:HRYF7Fa7YZG
                                                            MD5:61CBFB8CA48B0BE0BC4D2F3C286D5B2E
                                                            SHA1:4024015085B9058DE26A3A3739CB4C856F21A637
                                                            SHA-256:C8345F016B914C6502173CD41BF7CD23D6BE3FD6F7D8F274845FE02595538B37
                                                            SHA-512:83C2BEB29690E7BCBF4EDFD99D9576562B4D75272C5155A7E641853B29BE74420CCC098115BBD3709771CCABE6F76C5F0FF107ECBBCF2C30FA58A76480CC5393
                                                            Malicious:false
                                                            Preview:[InternetShortcut].URL=http://app.prntscr.com/learnmore.html
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/ru/learnmore.html>), ASCII text
                                                            Category:dropped
                                                            Size (bytes):63
                                                            Entropy (8bit):4.303852590718637
                                                            Encrypted:false
                                                            SSDEEP:3:HRAbABGQF6FiZ7kWCGn:HRYF7Fa7kZG
                                                            MD5:2965233936B91BD8BB3D9EEAF91FA6AE
                                                            SHA1:9CD3995294970CE009A4B9B4F91CCC86C955E1DC
                                                            SHA-256:78C231231AC2C07AE87A1E3BEC5869D6568A16C66E5922AF1310B811837F8925
                                                            SHA-512:82B42EA1D4A6AE0D0C9A056BF2E1F2E21F0F5689B4C9C32F1B1975C2BAEC3B2E8BB46C31A41E88E014196B6792D4286EC170271C5E260ABFC921E18E90D1EC23
                                                            Malicious:false
                                                            Preview:[InternetShortcut].URL=http://app.prntscr.com/ru/learnmore.html
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (610)
                                                            Category:dropped
                                                            Size (bytes):11008
                                                            Entropy (8bit):5.216434895376966
                                                            Encrypted:false
                                                            SSDEEP:192:7M3NbTZbVQiK9by4eFA6QOVG94YG9m/xFRcVWd:w9ZbVbK9by4EA6Qt479MxFRn
                                                            MD5:CD83A38536EF1AC82033C88B40C1C299
                                                            SHA1:39946888C6DBDD2327AEB9B3F323C85B80D01B15
                                                            SHA-256:1671AE6D38467FE894E2190AC4E03ECF443BCDB535348B4E3B861BC8BB030C58
                                                            SHA-512:FA71259F29AD9C7D5ADF37ADF971F9465551E23F2AA565AD8AE8700A9F093A290D182A36264206056538BF3DA5A47A962B86F6BF83D2F3942C800010B7FC41CF
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[...]].[[screenshot_plugin.copy]]=[[...]].[[screenshot_plugin.print]]=[[.....]].[[screenshot_plugin.fullscreen]]=[[..... ...... .....]].[[screenshot_plugin.clear]]=[[..... ........]].[[screenshot_plugin.cancel]]=[[.....]].[[screenshot_plugin.editonline]]=[[..... ...... .. ......]].[[screenshot_plugin.upload]]=[[... ...... ... Prntscr.com]].[[screenshot_plugin.close]]=[[.....]]..[[screenshot_plugin.share_googlesearch]]=[[..... .. .... ..... .. ....]].[[screenshot_plugin.share_tineyesearch]]=[[..... .. .... ...... .. Tineye]].[[screenshot_plugin.share_sendmail]]=[[..... ... .......]].[[screenshot_plugin.share_twitter]]=[[... ... .....]].[[screenshot_plugin.share_facebook]]=[[...... ... ........]].[[screenshot_plugin.share_vk]]=[[........ ... VK]].[[screenshot_plugin.share_pinterest]]=
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (960)
                                                            Category:dropped
                                                            Size (bytes):14817
                                                            Entropy (8bit):5.250728591248304
                                                            Encrypted:false
                                                            SSDEEP:384:qstnV2IxGGG6JMjGqiOGuytcE0CzQh2WuELEefdnhEx:5p7gCkEBELP54
                                                            MD5:1E03EAEA8317F8957E3550C5CBE7B1C2
                                                            SHA1:AA99447995880271B770698C95949DAD750A148D
                                                            SHA-256:A8F0633F9AC6B0AA75477547D254E41A2B7571F1E832F8E22F2DA47C12ACA023
                                                            SHA-512:1695B65441B72CFA68020E4C11894645FB3ED13F74ED847C53E0CD4ED0D89FCBC6BE7FE37483F1E21348EC16F31FCF327505BA1E149F05215285B54FC49BE8E6
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[........]].[[screenshot_plugin.copy]]=[[.........]].[[screenshot_plugin.print]]=[[.........]].[[screenshot_plugin.fullscreen]]=[[........ ..... .....]].[[screenshot_plugin.clear]]=[[......... .........]].[[screenshot_plugin.cancel]]=[[.........]].[[screenshot_plugin.editonline]]=[[.......... ...... ...... ......]].[[screenshot_plugin.upload]]=[[........... .. prntscr.com]].[[screenshot_plugin.close]]=[[........]]..[[screenshot_plugin.share_googlesearch]]=[[...... ........ ........ . Google]].[[screenshot_plugin.share_tineyesearch]]=[[...... ........ ........ . Tineye]].[[screenshot_plugin.share_sendmail]]=[[....... .... email]].[[screenshot_plugin.share_twitter]]=[[.......... . Twitter]].[[screenshot_plugin.share_facebook]]=[[.......... . Facebook]].[[screens
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1008)
                                                            Category:dropped
                                                            Size (bytes):14747
                                                            Entropy (8bit):5.151861698418845
                                                            Encrypted:false
                                                            SSDEEP:192:ublJkhL8JJeAVUQHrJWIyVpiX2dZVAkVd/36bY:uhJkJqsq8riX2xkY
                                                            MD5:BB52B0A262414EB4D611072E7ADF8C58
                                                            SHA1:F7507947C3B45337409A2CC8133B1E685698A825
                                                            SHA-256:57EC7737EB0BCCC19F8674F1CC462C2A9A8554E2B0A167E3F01B8BC94129E054
                                                            SHA-512:FBB9B407892FEE54664FF63E700AC490D397A30A4EC64C433002ACA8D0806E1114C564DE05D0E5EB8574EC4CF1A2D8F42A78518F863E2D9DECEE9CC9B86E8467
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.........]].[[screenshot_plugin.copy]]=[[........]].[[screenshot_plugin.print]]=[[..........]].[[screenshot_plugin.fullscreen]]=[[........ .. ..... .....]].[[screenshot_plugin.clear]]=[[..........]].[[screenshot_plugin.cancel]]=[[......]].[[screenshot_plugin.editonline]]=[[...... ...........]].[[screenshot_plugin.upload]]=[[....... . prntscr.com]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_googlesearch]]=[[....... .. ....... ........... . Google]].[[screenshot_plugin.share_tineyesearch]]=[[....... .. ....... ........... . Tineye]].[[screenshot_plugin.share_sendmail]]=[[....... .... email]].[[screenshot_plugin.share_twitter]]=[[....... . Twitter]].[[screenshot_plugin.share_facebook]]=[[....... . Facebook]].[[screenshot_plugin.share_vk]]=[[....... .
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (964)
                                                            Category:dropped
                                                            Size (bytes):19027
                                                            Entropy (8bit):4.732656173496707
                                                            Encrypted:false
                                                            SSDEEP:192:ymv+jGFpi96ZkSaMSbZU+kBMMqJxb5t00Ue7g0acUzSq:bvyGF8cZkSaM2ZGMM2xb5t0VYg0acUOq
                                                            MD5:BCB08DB5044B9ECD6FDD972342919E64
                                                            SHA1:225C6464CA0FE7CF5BEF790ABD7DBFEF7232890B
                                                            SHA-256:6AB63FBA0DEDFEAD6B75105378015DDC38F4C72007A1D2D4DB8BAEE9FE3CD93D
                                                            SHA-512:0290B6584C3DA452A7CA5EA654CF1B9834BA3409EF093470881CF9AE2C833E6BADDC462FB59D0B534FFFA6ED08199C1A8FE73FA6B706CFCF892E7D9BDFDE5E35
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[... ....]].[[screenshot_plugin.copy]]=[[... ....]].[[screenshot_plugin.print]]=[[....... ....]].[[screenshot_plugin.fullscreen]]=[[........ ....... ....... ....]].[[screenshot_plugin.clear]]=[[....... ..... ....]].[[screenshot_plugin.cancel]]=[[..... ....]].[[screenshot_plugin.editonline]]=[[....... .... ......... .... ....]].[[screenshot_plugin.upload]]=[[Prntscr.com . ..... ....]].[[screenshot_plugin.close]]=[[.... ....]]..[[screenshot_plugin.share_googlesearch]]=[[..... ... ..... ... ......]].[[screenshot_plugin.share_tineyesearch]]=[[Tineye .. ...... ... ......]].[[screenshot_plugin.share_sendmail]]=[[...... .....
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (972)
                                                            Category:dropped
                                                            Size (bytes):10728
                                                            Entropy (8bit):5.002922909528201
                                                            Encrypted:false
                                                            SSDEEP:192:bhiGeQB+hn6Q6ZyUHL+Je2BPHibk8IpM/4ACNM0SwKiKeT:diGeQBIiLr+Vibk7Q4vuOT
                                                            MD5:E53D7FDAE82FE462BD51C0B1AE52CFD7
                                                            SHA1:A502CA692306A1B5F4A3105271DDAF759BF4CFBA
                                                            SHA-256:861AD3BA1045D7BCFDC455226F13C43DC07808F4286850ED3F2C1875CE202790
                                                            SHA-512:D5C9183C4E73F0C62E74E1F3425D962AB194EC570EB15F28564EEF193E3305CC94CAEB488682865753A07995F12FC8C8571D3E4EE16566F32526C8D83DCCFAB9
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Spremi]].[[screenshot_plugin.copy]]=[[Kopiraj]].[[screenshot_plugin.print]]=[[Printaj]].[[screenshot_plugin.fullscreen]]=[[Odaberi cijeli ekran]].[[screenshot_plugin.clear]]=[[Ukloni selekciju]].[[screenshot_plugin.cancel]]=[[Otkazati]].[[screenshot_plugin.editonline]]=[[Uredi screenshot online]].[[screenshot_plugin.upload]]=[[Uploaduj na prntscr.com]].[[screenshot_plugin.close]]=[[Zatvori]]..[[screenshot_plugin.share_googlesearch]]=[[Prona.i sli.ne slike na Google-u]].[[screenshot_plugin.share_tineyesearch]]=[[Prona.i sli.ne slike na Tineye-u]].[[screenshot_plugin.share_sendmail]]=[[Po.alji pute mail-a]].[[screenshot_plugin.share_twitter]]=[[Podijeli na Twitter]].[[screenshot_plugin.share_facebook]]=[[Podijeli na Facebook]].[[screenshot_plugin.share_vk]]=[[Podijeli na VK]].[[screenshot_plugin.share_pinterest]]=[[Podijeli na Pinterest]].[[screenshot_plugin.share]]=[[Podijeli na Socijalne Mre.e]]..[[screenshot_plugin.incorrect_size]]=[[Pogre.na vel
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):3761
                                                            Entropy (8bit):4.75111012331288
                                                            Encrypted:false
                                                            SSDEEP:96:E/l6LhElslfYrYODlHs3qGWLZJism5ZfS:gehElsRYrYelHs3qGWLZJism5U
                                                            MD5:B85E43201C3D051F8D4F5E7210E6E0BC
                                                            SHA1:C7FC7CCD6F8AC76F674D3B42CFAF2AF74EB1B515
                                                            SHA-256:5DEEBC0DC369C6E2F85E549C6AD38AF0F385CC0163373C857508AF3A8E96E8DF
                                                            SHA-512:15D2744DCED11591C4AF340F1C95595C41BDADEBC5C6BD1DED962A1DFBAA9159555F1DDD21714DD0C13E53600BD92F036D33861FF21760B1BC7E9202A4756D3C
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Desa]].[[screenshot_plugin.print]]=[[Imprimeix]].[[screenshot_plugin.fullscreen]]=[[Selecciona pantalla completa]].[[screenshot_plugin.clear]]=[[Neteja la selecci.]].[[screenshot_plugin.editonline]]=[[Editeu una captura de pantalla en l.nia]].[[screenshot_plugin.upload]]=[[Puja a prntscr.com]].[[screenshot_plugin.close]]=[[Tanca]]..[[screenshot_plugin.share_tineyesearch]]=[[Cerca imatges similars a Tineye]].[[screenshot_plugin.share_sendmail]]=[[Envia a trav.s de correu electr.nic]].[[screenshot_plugin.share_twitter]]=[[Comparteix al Twitter]].[[screenshot_plugin.share_facebook]]=[[Comparteix al Facebook]].[[screenshot_plugin.share_pinterest]]=[[Comparteix a Pinterest]].[[screenshot_plugin.share]]=[[Comparteix a les xarxes socials]]..[[screenshot_plugin.incorrect_size]]=[[Mida incorrecta]].[[screenshot_plugin.error_capt]]=[[Error]]..[[screenshot_plugin.open]]=[[Obre]]..[[screenshot_app.take_screenshot]]=[[Feu una captura de pantalla]].[[screenshot_ap
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1017)
                                                            Category:dropped
                                                            Size (bytes):11222
                                                            Entropy (8bit):5.219145596006698
                                                            Encrypted:false
                                                            SSDEEP:192:xWe5DsmcCixfhbBqJJzgncA2/ERbHsALb2kzIZGx:cVm7iRhb8NtA2/ENHjSkzIZy
                                                            MD5:B69442C812103E4D0679A07D0EEC0AF8
                                                            SHA1:9EA6A3F20A49EF7B10895622B71E8F346216A370
                                                            SHA-256:EDA81D8D1BF445FEAC5AF9A7B2F6FF10F39C57449FB5FE202D2662B596DD2AA6
                                                            SHA-512:BC15A2A46FA508E99951C66CA66911727441F5FD98478B6630B3BDB6A3DAF42E6F7B9030B2B5FBC161391F9D28F748A210E6C5E4992F18E5914258EE1F5865A0
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Ulo.it]].[[screenshot_plugin.copy]]=[[Kop.rovat]].[[screenshot_plugin.print]]=[[Vytisknout]].[[screenshot_plugin.fullscreen]]=[[Vybrat celou obrazovku]].[[screenshot_plugin.clear]]=[[Odstranit v.b.r]].[[screenshot_plugin.cancel]]=[[Zru.it]].[[screenshot_plugin.editonline]]=[[Editovat sn.mek online]].[[screenshot_plugin.upload]]=[[Nahr.t na prntscr.com]].[[screenshot_plugin.close]]=[[Zav..t]]..[[screenshot_plugin.share_googlesearch]]=[[Vyhledat podobn. obr.zky na Googlu]].[[screenshot_plugin.share_tineyesearch]]=[[Vyhledat podobn. obr.zky na Tineye]].[[screenshot_plugin.share_sendmail]]=[[Poslat p.es email]].[[screenshot_plugin.share_twitter]]=[[Sd.let na Twitteru]].[[screenshot_plugin.share_facebook]]=[[Sd.let na Facebooku]].[[screenshot_plugin.share_vk]]=[[Sd.let na VK]].[[screenshot_plugin.share_pinterest]]=[[Sd.let na Pinterestu]].[[screenshot_plugin.share]]=[[Sd.let na soci.ln.ch s.t.ch]]..[[screenshot_plugin.incorrect_size]]=[
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1050)
                                                            Category:dropped
                                                            Size (bytes):10777
                                                            Entropy (8bit):4.96781859221012
                                                            Encrypted:false
                                                            SSDEEP:192:m/cj3M/yhShJxNBYQJXSBWOJ+mJ0WnvOk98qp9gJC3wfKxJLvzt:mkA6hSPvPhq0m+kmkZPgJC3wfK5
                                                            MD5:EC2BCE92371B3A0B2DC4C4FC5CEB52D0
                                                            SHA1:5330E9AFBF34E1392624D320FBF2D96115460118
                                                            SHA-256:998C50A30EFCA47F3EBEBEF43AAE172B66274B1BB4FE9D956D1AA3521DFE072D
                                                            SHA-512:8C10A9D9BD856A7B101E089847680D6B3B2C85168F53287865F3B5D153BB0CCD75ED11BEFF4C8E9B1F8276195B5E95C5A2446E6EC4C969EF561593B340674BA0
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Gem]].[[screenshot_plugin.copy]]=[[Kopier]].[[screenshot_plugin.print]]=[[Print]].[[screenshot_plugin.fullscreen]]=[[V.lg fuld sk.rm]].[[screenshot_plugin.clear]]=[[Nulstil det valgte]].[[screenshot_plugin.cancel]]=[[Annuller]].[[screenshot_plugin.editonline]]=[[Rediger et sk.rmbillede online]].[[screenshot_plugin.upload]]=[[Upload til prntscr.com]].[[screenshot_plugin.close]]=[[Luk]]..[[screenshot_plugin.share_googlesearch]]=[[S.g lignende billeder p. Google]].[[screenshot_plugin.share_tineyesearch]]=[[S.g lignende billeder p. Tineye]].[[screenshot_plugin.share_sendmail]]=[[Send via email]].[[screenshot_plugin.share_twitter]]=[[Del p. Twitter]].[[screenshot_plugin.share_facebook]]=[[Del p. Facebook]].[[screenshot_plugin.share_vk]]=[[Del p. VK]].[[screenshot_plugin.share_pinterest]]=[[Del p. Pinterest]].[[screenshot_plugin.share]]=[[Del p. dine sociale netv.rk]]..[[screenshot_plugin.incorrect_size]]=[[Forkert st.rrelse]].[[screenshot_plugin
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1109)
                                                            Category:dropped
                                                            Size (bytes):11376
                                                            Entropy (8bit):4.9286221743577405
                                                            Encrypted:false
                                                            SSDEEP:96:ddeqaEqaAjTVMe9eO/WaLEfbf5imm4qb/adJZNklbbGwoF+FYKUxiAqlpld5Es07:dSRh/Em4qbwJTkpbG3F+ox0b0o7E
                                                            MD5:D115749DC09721FA6C20257AFC71A64D
                                                            SHA1:CC741E1AB1BE8A6BC7C42AB265E86857F74894FB
                                                            SHA-256:5742F1EBCE39FBBAB90A6A3581E57B7B6C35D0CD9A2DD23BBA61712533F0C468
                                                            SHA-512:61CEB72D39504FA33780F74C077FDF7CD58128FB75AAFE48262FA4D15FC8E62D5EEA9DAE9C9B9F3A53040F5890DBCB263BB463F4C72712BB288EB5E919A4CA91
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Speichern]].[[screenshot_plugin.copy]]=[[Kopieren]].[[screenshot_plugin.print]]=[[Drucken]].[[screenshot_plugin.fullscreen]]=[[Kompletten Bildschirm ausw.hlen]].[[screenshot_plugin.clear]]=[[Auswahl aufheben]].[[screenshot_plugin.cancel]]=[[Abbrechen]].[[screenshot_plugin.editonline]]=[[Screenshot online bearbeiten]].[[screenshot_plugin.upload]]=[[Hochladen auf prntscr.com]].[[screenshot_plugin.close]]=[[Schlie.en]]..[[screenshot_plugin.share_googlesearch]]=[[Nach .hnlichen Bildern auf Google suchen]].[[screenshot_plugin.share_tineyesearch]]=[[Nach .hnlichen Bildern auf Tineye suchen]].[[screenshot_plugin.share_sendmail]]=[[Per Email verschicken]].[[screenshot_plugin.share_twitter]]=[[Auf Twitter teilen]].[[screenshot_plugin.share_facebook]]=[[Auf Facebook teilen]].[[screenshot_plugin.share_vk]]=[[Auf VK teilen]].[[screenshot_plugin.share_pinterest]]=[[Auf Pinterest teilen]].[[screenshot_plugin.share]]=[[Auf sozialen Netzwerken teilen]]..[[screenshot
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1126)
                                                            Category:dropped
                                                            Size (bytes):16679
                                                            Entropy (8bit):5.169336661683813
                                                            Encrypted:false
                                                            SSDEEP:192:qfaE+2XPhY8md/HDKJcDvvLtvJ08sU7EhdopOrjYfq1JFuDzaomZK:qf0hKSjvL3sabgrjYfq1JFuDzbN
                                                            MD5:25CC5EB2A8E15D7903A31C83B0DB5096
                                                            SHA1:2ED5CFCBD5A2D96B308A75CEF705218E842A04F0
                                                            SHA-256:F4E2936E6CC32D0E41BF4A4FDA14623FB7665B5A8BCFC14D8595F0119359B05E
                                                            SHA-512:F5A0C91972F9C5650927A4DF82EA88D370206E55E0C57D54753781C012C714C19A87CDF1049BE017E68A7D4B07205E3065FE4AC27E04931E05BEE50397EC5A46
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..........]].[[screenshot_plugin.copy]]=[[.........]].[[screenshot_plugin.print]]=[[........]].[[screenshot_plugin.fullscreen]]=[[....... ....... ......]].[[screenshot_plugin.clear]]=[[........ ........]].[[screenshot_plugin.cancel]]=[[.....]].[[screenshot_plugin.editonline]]=[[........... .... ............ online]].[[screenshot_plugin.upload]]=[[........... ... prntscr.com]].[[screenshot_plugin.close]]=[[........]]..[[screenshot_plugin.share_googlesearch]]=[[......... ......... ....... ... Google]].[[screenshot_plugin.share_tineyesearch]]=[[......... ......... ....... ... Tineye]].[[screenshot_plugin.share_sendmail]]=[[........ .... email]].[[screenshot_plugin.share_twitter]]=[[........... .. ... Twitter]].[[screenshot_plugin.share_facebook]]=[[......
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1009)
                                                            Category:dropped
                                                            Size (bytes):10420
                                                            Entropy (8bit):4.837706672185901
                                                            Encrypted:false
                                                            SSDEEP:192:frZrSujAKY7f9JicIjWWURS1ldKbGdf+y:frZeEAPf9+URidKbGdmy
                                                            MD5:4D195562C84403DD347BD2C45403EFC5
                                                            SHA1:4203BD1C9F0C0A2133BA7DC5FF1F9C86C942D131
                                                            SHA-256:4A57246BD4CE9D387EC10F0AB2084C3D91E8463D03C1412F3665AEE3885A85A5
                                                            SHA-512:3DE1BA358834C7D238E35F533A192C6E6E41FDF276A29B6714CF02636CAD123EFF571614A1185025757BEC3E9F9F351D612598496600684E4AC676E576E8C601
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Save]].[[screenshot_plugin.copy]]=[[Copy]].[[screenshot_plugin.print]]=[[Print]].[[screenshot_plugin.fullscreen]]=[[Select full screen]].[[screenshot_plugin.clear]]=[[Clear selection]].[[screenshot_plugin.cancel]]=[[Cancel]].[[screenshot_plugin.editonline]]=[[Edit a screenshot online]].[[screenshot_plugin.upload]]=[[Upload to prntscr.com]].[[screenshot_plugin.close]]=[[Close]]..[[screenshot_plugin.share_googlesearch]]=[[Search similar images on Google]].[[screenshot_plugin.share_tineyesearch]]=[[Search similar images on Tineye]].[[screenshot_plugin.share_sendmail]]=[[Send via email]].[[screenshot_plugin.share_twitter]]=[[Share on Twitter]].[[screenshot_plugin.share_facebook]]=[[Share on Facebook]].[[screenshot_plugin.share_vk]]=[[Share on VK]].[[screenshot_plugin.share_pinterest]]=[[Share on Pinterest]].[[screenshot_plugin.share]]=[[Share on social networks]]..[[screenshot_plugin.incorrect_size]]=[[Wrong size]].[[screenshot_plugin.error_capt]]=[[Error]].
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1059)
                                                            Category:dropped
                                                            Size (bytes):11416
                                                            Entropy (8bit):4.851928229994875
                                                            Encrypted:false
                                                            SSDEEP:192:Z2vutYYceg7EJNgSPPgLJs5sMTsBJhlpXR/QOQ2EwolUwEsYK:Z2UYYcv7MgSPPgL9QyZR/QOLENUwEsYK
                                                            MD5:C7532FCF181919333E0A247E447CF56E
                                                            SHA1:CF1ADF1C620BA5AEF0F26066964E9D2447EA9211
                                                            SHA-256:037F23F925BA25D30D221D0FB36FE9925DBEA3079A4AAFEDC13ECC9A8D306F40
                                                            SHA-512:A95FF21659E6F68A49B011AB47BF4C24990F1318CD0CD9661AC6A55C7B0A178EAD9D533C81D5B916C12C4A5ED7AF9013DA739FA33F463807634A6D43497A3F49
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Guardar]].[[screenshot_plugin.copy]]=[[Copiar]].[[screenshot_plugin.print]]=[[Imprimir]].[[screenshot_plugin.fullscreen]]=[[Seleccionar pantalla completa]].[[screenshot_plugin.clear]]=[[Borrar selecci.n]].[[screenshot_plugin.cancel]]=[[Cancelar]].[[screenshot_plugin.editonline]]=[[Editar una captura de pantalla en l.nea]].[[screenshot_plugin.upload]]=[[Subir a prntscr.com]].[[screenshot_plugin.close]]=[[Cerrar]]..[[screenshot_plugin.share_googlesearch]]=[[Buscar im.genes similares en Google]].[[screenshot_plugin.share_tineyesearch]]=[[Buscar im.genes similares en Tineye]].[[screenshot_plugin.share_sendmail]]=[[Send via email]].[[screenshot_plugin.share_twitter]]=[[Compartir en Twitter]].[[screenshot_plugin.share_facebook]]=[[Compartir en Facebook]].[[screenshot_plugin.share_vk]]=[[Compartir en VK]].[[screenshot_plugin.share_pinterest]]=[[Compartir en Pinterest]].[[screenshot_plugin.share]]=[[Compartir en redes sociales]]..[[screenshot_plugin.incorrec
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (972)
                                                            Category:dropped
                                                            Size (bytes):10478
                                                            Entropy (8bit):4.9285769816878435
                                                            Encrypted:false
                                                            SSDEEP:192:ae+7X0nwCoFGDg9G8GvJDY6ZWY838Pa5tHW4brnMMEZyqe:9+7Enwag9GXvVYFY838Pa5tHfrnMzde
                                                            MD5:2B75C4A44B3D45B7F412638B34FC3D0E
                                                            SHA1:966765B328774BF3093EC293579C3D40DB215F27
                                                            SHA-256:269653CAA6B7C42F8E927CE48B273313302C8BF68E8DC67381F066F2F96C8D61
                                                            SHA-512:43CB33704A08158B6CBDBEFA71DD901F4383ACB2601C14DD4C75EA9A4F709D06F342B3B00D2AF7A9E9BBF785644FC93B8F0250E1BF643BAB823D6951BA83A92E
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Salvesta]].[[screenshot_plugin.copy]]=[[Kopeeri]].[[screenshot_plugin.print]]=[[Prindi]].[[screenshot_plugin.fullscreen]]=[[Vali t.isekraan]].[[screenshot_plugin.clear]]=[[Puhasta valitud]].[[screenshot_plugin.cancel]]=[[Loobu]].[[screenshot_plugin.editonline]]=[[Redigeeri kuvat.mmist v.rgus]].[[screenshot_plugin.upload]]=[[Lae .lesse prntscr.com lehele]].[[screenshot_plugin.close]]=[[Sule]]..[[screenshot_plugin.share_googlesearch]]=[[Otsi sarnaseid pilte Google-st]].[[screenshot_plugin.share_tineyesearch]]=[[Otsi sarnaseid pilte Tineye-st]].[[screenshot_plugin.share_sendmail]]=[[Saada E-mailga]].[[screenshot_plugin.share_twitter]]=[[Jaga Twitteris]].[[screenshot_plugin.share_facebook]]=[[Jaga Facebookis]].[[screenshot_plugin.share_vk]]=[[Jaga VKs]].[[screenshot_plugin.share_pinterest]]=[[Jaga Pinterest-is]].[[screenshot_plugin.share]]=[[Jaga sotsiaalv.rgustikes]]..[[screenshot_plugin.incorrect_size]]=[[Vale suurus]].[[screenshot_plugin.error_capt]]
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):10491
                                                            Entropy (8bit):5.221991886945581
                                                            Encrypted:false
                                                            SSDEEP:192:NsjQz5zHyfBbXLml6M3isxynpphK0gmPq48YI9xXtqV81GlW:mslYp8pdqVkUW
                                                            MD5:A91D80CB2770EA0BD50DB9690FC5D6DF
                                                            SHA1:762226BD50FB39C7AFA9AC6B55688D48376D1E25
                                                            SHA-256:D8EDEC9A317E7722D304486657AE047B1627CD3FE80F2EEBC6BDA88D8323673E
                                                            SHA-512:3950B544A83FBB12003D622B60D96ABE104CE5B2A60E33C3C7474F256AD35902C26B79C10346F69C5F0E01209F2DB01C3B9CB842768243B9C00D83591B41D076
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.....]].[[screenshot_plugin.copy]]=[[...]].[[screenshot_plugin.print]]=[[.....]].[[screenshot_plugin.fullscreen]]=[[..... .... ....]].[[screenshot_plugin.clear]]=[[... .... ......]].[[screenshot_plugin.cancel]]=[[... ....]].[[screenshot_plugin.editonline]]=[[...... ...... ....... ...]].[[screenshot_plugin.upload]]=[[........ .. prntscr.com]].[[screenshot_plugin.close]]=[[....]]..[[screenshot_plugin.share_googlesearch]]=[[...... ...... ..... .. ....]].[[screenshot_plugin.share_tineyesearch]]=[[...... ...... ..... .. Tineye]].[[screenshot_plugin.share_sendmail]]=[[..... .. .....]].[[screenshot_plugin.share_twitter]]=[[...... ..... .. ......]].[[screenshot_plugin.share_facebook]]=[[...... ..... .. ......]].[[screenshot_plugin.share_vk]]=[[...... ..... .. VK]].[[screenshot_p
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1037)
                                                            Category:dropped
                                                            Size (bytes):11019
                                                            Entropy (8bit):4.926299005060986
                                                            Encrypted:false
                                                            SSDEEP:192:eRnNrVjKpqOZUgmpZifo4Prj33aBvf1oZfi:6Nr10qOUifo4Pv4n1oZa
                                                            MD5:1FECEA4E623EC7B0DFF4457589D2A901
                                                            SHA1:00DCA986CBF21798F42E57B76E9C234E010441D9
                                                            SHA-256:537C962EEC10C69CCA2CA6A11A5BA0FBFDCC15FE6896FA623D4DFB00CBDCE5E5
                                                            SHA-512:0726992375548CC358FCA8DAEB21A8E1F2FBB180AC7F2AEFEA90C32EF67910F5B1436FD9231D6F710FA43803E1CFC6DCF9101605225B26070ED07FC77A37995D
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Tallenna]].[[screenshot_plugin.copy]]=[[Kopioi]].[[screenshot_plugin.print]]=[[Tulosta]].[[screenshot_plugin.fullscreen]]=[[Valitse koko n.ytt.]].[[screenshot_plugin.clear]]=[[Tyhjenn. valinta]].[[screenshot_plugin.cancel]]=[[Peruuta]].[[screenshot_plugin.editonline]]=[[Muokkaa kuvankaappausta verkossa]].[[screenshot_plugin.upload]]=[[Lataa sivustolle prntscr.com]].[[screenshot_plugin.close]]=[[Sulje]]..[[screenshot_plugin.share_googlesearch]]=[[Etsi samanlaisia kuvia Googlesta]].[[screenshot_plugin.share_tineyesearch]]=[[Etsi samankaltaisia kuvia sivustolta Tineye]].[[screenshot_plugin.share_sendmail]]=[[L.het. s.hk.postilla]].[[screenshot_plugin.share_twitter]]=[[Jaa Twitteriss.]].[[screenshot_plugin.share_facebook]]=[[Jaa Facebookissa]].[[screenshot_plugin.share_vk]]=[[Jaa VK:ssa]].[[screenshot_plugin.share_pinterest]]=[[Jaa Pinterestiss.]].[[screenshot_plugin.share]]=[[Jaa sosiaalisessa mediassa]]..[[screenshot_plugin.incorrect_size]]=[[V..
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1243)
                                                            Category:dropped
                                                            Size (bytes):11981
                                                            Entropy (8bit):4.93189390113932
                                                            Encrypted:false
                                                            SSDEEP:192:uARZ7EKUbDhTJiS9Ckyp9WHl8DaWtuz+rTuIz9m:uARGKIDhT7CNgHl8DayrTFm
                                                            MD5:61C9C831A6C90D4C7E34DE114CF01AD2
                                                            SHA1:FE1456F52D3731F844F890ABCD42F03011AB27CC
                                                            SHA-256:86FAFD94CF0E4D7AC3C7C510E60364690286F43E8A6E051A72DC5CD845FBA47F
                                                            SHA-512:007DADBDBB22375EA2287DEDFFF5B66D51BAAE570113089821BA9A78CEC740BB1813336BB3B2D6611E4B0F7BE5CEA4ACDFF6F463205FBA241148B06CBD0A3BDD
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Sauvegarder]].[[screenshot_plugin.copy]]=[[Copier]].[[screenshot_plugin.print]]=[[Imprimer]].[[screenshot_plugin.fullscreen]]=[[S.lectionner tout l..cran]].[[screenshot_plugin.clear]]=[[Effacer la s.lection]].[[screenshot_plugin.cancel]]=[[Annuler]].[[screenshot_plugin.editonline]]=[[Modifier la capture d..cran en ligne]].[[screenshot_plugin.upload]]=[[Publier sur prntscr.com]].[[screenshot_plugin.close]]=[[Fermer]]..[[screenshot_plugin.share_googlesearch]]=[[Rechercher des images similaires sur Google]].[[screenshot_plugin.share_tineyesearch]]=[[Rechercher des images similaires sur Tineye]].[[screenshot_plugin.share_sendmail]]=[[Envoyer par courriel]].[[screenshot_plugin.share_twitter]]=[[Partager sur Twitter]].[[screenshot_plugin.share_facebook]]=[[Partager sur Facebook]].[[screenshot_plugin.share_vk]]=[[Partager sur VK]].[[screenshot_plugin.share_pinterest]]=[[Partager sur Pinterest]].[[screenshot_plugin.share]]=[[Partager sur les r.seaux soc
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):2571
                                                            Entropy (8bit):4.694878240736071
                                                            Encrypted:false
                                                            SSDEEP:48:Ys6dy6K/fF4feFlcjMYZ+XNalc+54YOmmJVl1ULw:hf6feFmoYZicWRYOmmJVl1Uk
                                                            MD5:6AF8D75A375BF14CE817227FA848B8C4
                                                            SHA1:54A880E4AB5F10E895D016012B4AD73BB4B7E24E
                                                            SHA-256:6D6897C134235CEB66BE8B9DE9E0C93C1906681B7BD7153169F423CAF66501CE
                                                            SHA-512:EE2A1DF21F530114D0B65A68EC6738B5776BDA3D04447CE3B021F1C374E27B6F389B368C4C9202BCB8E5492B421FE63E4257F20B36670685C8E5B5ED3C5B863C
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Gardar]].[[screenshot_plugin.copy]]=[[Copiar]].[[screenshot_plugin.print]]=[[Imprimir]].[[screenshot_plugin.fullscreen]]=[[Seleccionar pantalla completa]].[[screenshot_plugin.cancel]]=[[Cancelar]].[[screenshot_plugin.close]]=[[Pechar]]..[[screenshot_plugin.share_googlesearch]]=[[Procurar imaxes semellantes no Google]].[[screenshot_plugin.share_sendmail]]=[[Enviar v.a correo electr.nico]].[[screenshot_plugin.share_twitter]]=[[Compartir no Twitter]].[[screenshot_plugin.share_facebook]]=[[Compartir no Facebook]].[[screenshot_plugin.share_pinterest]]=[[Compartir no Pinterest]].[[screenshot_plugin.share]]=[[Compartir nas redes sociais]]..[[screenshot_plugin.error_capt]]=[[Erro]]..[[screenshot_plugin.tooltip]]=[[Seleccionar .rea]].[[screenshot_plugin.open]]=[[Abrir]].[[screenshot_plugin.upload_failed_retry]]=[[Erro ao cargar. Volver tentar?]]..[[screenshot_app.take_screenshot]]=[[Facer unha captura de pantalla]].[[screenshot_app.about]]=[[Acerca de]].[[scre
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1009)
                                                            Category:dropped
                                                            Size (bytes):12149
                                                            Entropy (8bit):5.088872199833535
                                                            Encrypted:false
                                                            SSDEEP:192:hEl9i4yuB6HySNkF98UNZ/me7Sc8j1ldKjVAwoiY:O8uB2e9HNZ/Ic8/dK5AwoP
                                                            MD5:3CA46C43929B540F39DAFF85DD06BFEB
                                                            SHA1:8ABED3FCB1C273C4173DEC8FB6CC2768F777ECA3
                                                            SHA-256:ECDA5230381AD49094439BF6E98637FFBFBA9408C5930F76708E2592A5D2DEF7
                                                            SHA-512:AE1295708A8DD79C1ABF1AA3A6D3F0C8E08ABF5C61A901A966A02200C5FC442D5DB88FFFBD4AD72240524115F2028902377C99DCC68154B1109141B52AD40127
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[....]].[[screenshot_plugin.copy]]=[[....]].[[screenshot_plugin.print]]=[[....]].[[screenshot_plugin.fullscreen]]=[[... ... ...]].[[screenshot_plugin.clear]]=[[... .....]].[[screenshot_plugin.cancel]]=[[...]].[[screenshot_plugin.editonline]]=[[.... ..... ... .......]].[[screenshot_plugin.upload]]=[[.... ....... . prntscr.com]].[[screenshot_plugin.close]]=[[....]]..[[screenshot_plugin.share_googlesearch]]=[[... ...... ..... .....]].[[screenshot_plugin.share_tineyesearch]]=[[... ...... ..... .......]].[[screenshot_plugin.share_sendmail]]=[[... ... .... ........]].[[screenshot_plugin.share_twitter]]=[[... .......]].[[screenshot_plugin.share_facebook]]=[[... ........]].[[screenshot_plugin.share_vk]]=[[... .: VK]].[[screenshot_plugin.share_pinterest]]=[[... .: Pinterest]].[[screenshot_plugin.share]]=[[...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1021)
                                                            Category:dropped
                                                            Size (bytes):10863
                                                            Entropy (8bit):5.0046250426445
                                                            Encrypted:false
                                                            SSDEEP:192:f2iGCz3151Kvmr1IUiEnJtfxPvt70Uu0fdweHgZyiWB8UK:uiGCz33pi4pPqP2weAgBxK
                                                            MD5:8B7C86791CB7A6CC264BB6D6F086CCEA
                                                            SHA1:45D14F8943F7DBFB338ADAC2E76D7D719D8512EC
                                                            SHA-256:28CBFD25496EBB77EDECA119F0F8FF78D4952F5A8D71E10AD345382D7DF27C74
                                                            SHA-512:539973FAD93D460263397E12DB229EB37DF16DBFB5F7561421961B74EBBC420E254A3609A25C650EEBA956A22069BE6FE598BF7883AEE9D34D0C8A6B1CD7C535
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Spremi]].[[screenshot_plugin.copy]]=[[Kopiraj]].[[screenshot_plugin.print]]=[[Ispis]].[[screenshot_plugin.fullscreen]]=[[Odaberi puni zaslon]].[[screenshot_plugin.clear]]=[[Izbri.i odabrano]].[[screenshot_plugin.cancel]]=[[Poni.ti]].[[screenshot_plugin.editonline]]=[[Uredi snimku zaslona na mre.i]].[[screenshot_plugin.upload]]=[[Prenesi na prntscr.com]].[[screenshot_plugin.close]]=[[Zatvori]]..[[screenshot_plugin.share_googlesearch]]=[[Tra.i sli.ne slike na Google]].[[screenshot_plugin.share_tineyesearch]]=[[Tra.i sli.ne slike na Tineye]].[[screenshot_plugin.share_sendmail]]=[[Po.alji e-po.tom]].[[screenshot_plugin.share_twitter]]=[[Podijeli na Twitter]].[[screenshot_plugin.share_facebook]]=[[Podijeli na Facebook]].[[screenshot_plugin.share_vk]]=[[Podijeli na VK]].[[screenshot_plugin.share_pinterest]]=[[Dijeli na Pinterest]].[[screenshot_plugin.share]]=[[Podijeli na dru.tvenim mre.ama]]..[[screenshot_plugin.incorrect_size]]=[[Pogre.na veli.i
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1014)
                                                            Category:dropped
                                                            Size (bytes):11574
                                                            Entropy (8bit):5.153798849120497
                                                            Encrypted:false
                                                            SSDEEP:192:D0cYHsG6KygDB7ufUJcd64jpKoAPlSuJKg9FMC:tY3GyB7kU2d64jpdwhJl
                                                            MD5:5765DD5FCA07300F79AD162F5BDEE1BF
                                                            SHA1:187C25B4D4307F43B7FF741A513D101D9D1010E2
                                                            SHA-256:37FB2455B89697F3F3442E355B8C3FC372D1C61FAF43C1567EC7894C6DEF0D5C
                                                            SHA-512:EC3B7741735A34921DD84A1FE454C5FB444E337F28D3CF36A6D8B7BEEFED39911E8856A9663798F27A10F23901AEF51AA83CA7DB78ED1F745C93A9EE10383E52
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Ment.s]].[[screenshot_plugin.copy]]=[[M.sol.s]].[[screenshot_plugin.print]]=[[Nyomtat.s]].[[screenshot_plugin.fullscreen]]=[[Teljes k.perny.]].[[screenshot_plugin.clear]]=[[Kijel.l.s t.rl.se]].[[screenshot_plugin.cancel]]=[[M.gsem]].[[screenshot_plugin.editonline]]=[[K.perny.ment.s szerkeszt.se online]].[[screenshot_plugin.upload]]=[[Felt.lt.s a prntscr.com-ra]].[[screenshot_plugin.close]]=[[Bez.r.s]]..[[screenshot_plugin.share_googlesearch]]=[[Hasonl. k.pek keres.se itt: Google]].[[screenshot_plugin.share_tineyesearch]]=[[Hasonl. k.pek keres.se itt: Tineye]].[[screenshot_plugin.share_sendmail]]=[[Elk.ld.se email .ltal]].[[screenshot_plugin.share_twitter]]=[[Megoszt.s a Twitteren]].[[screenshot_plugin.share_facebook]]=[[Megoszt.s a Facebookon]].[[screenshot_plugin.share_vk]]=[[Megoszt.s a VK-n]].[[screenshot_plugin.share_pinterest]]=[[Megoszt.s a Pinteresten]].[[screenshot_plugin.share]]=[[Megoszt.s a k.z.ss.gi port.l
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (887)
                                                            Category:dropped
                                                            Size (bytes):13487
                                                            Entropy (8bit):5.262276183422655
                                                            Encrypted:false
                                                            SSDEEP:192:/Kossn+7c30xdndnLMfVu/d23XLMRMrQDlsGkOpOB731wPqLppEq+8pEYZ7zc5/J:8c3adndnLGgqXLiyGkVB7Ffc5t5h
                                                            MD5:2AAE7AF8598C3BC89B17CB8F36A0BD59
                                                            SHA1:F211568F746150D413D15AA72688345D0142F925
                                                            SHA-256:C3BE9BA8219F9BECD5AE9279BA5620270131880D276F3799CC2D1C0C3B224CA3
                                                            SHA-512:823E749BF3172E94766F8CC337E4D3D86CE195F1F9E06F6255E731F8197815263F38BDA65D0171A5DB2C3BABDF1E67A5707B347370A9AB48024CF62089F9FAA5
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[........]].[[screenshot_plugin.copy]]=[[........]].[[screenshot_plugin.print]]=[[....]].[[screenshot_plugin.fullscreen]]=[[.... ...... ......]].[[screenshot_plugin.clear]]=[[......]].[[screenshot_plugin.cancel]]=[[........]].[[screenshot_plugin.editonline]]=[[........ ......]].[[screenshot_plugin.upload]]=[[......... prntscr.com]].[[screenshot_plugin.close]]=[[.....]]..[[screenshot_plugin.share_googlesearch]]=[[...... .... ......... Google-...]].[[screenshot_plugin.share_tineyesearch]]=[[...... .... ......... Tineye-...]].[[screenshot_plugin.share_sendmail]]=[[........ ...... .........]].[[screenshot_plugin.share_twitter]]=[[....... Twitter-...]].[[screenshot_plugin.share_facebook]]=[[....... Facebook-...]].[[screenshot_plugin.share_vk]]=[[....... VK-...]].[[screenshot_plugin.share_p
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1077)
                                                            Category:dropped
                                                            Size (bytes):10796
                                                            Entropy (8bit):4.8500073537614945
                                                            Encrypted:false
                                                            SSDEEP:96:15YyVRxmKsrFknz3kUBiPkNGN8+ynyRk6sjs3mJNI0PNdalxQ+bxpKjamdUb7Lz/:1ZXz3kenHZJ+0PNdXexpK+MyLiUF
                                                            MD5:0FCA4BD83616AFBB1979A4E191F0D8B4
                                                            SHA1:B7F14F5B8F9243842F75173E7B6B26A7B7423A5E
                                                            SHA-256:82DEC9FF06F22776DCA34A8846B3D78CD543FA90B3A6A7250B4E44428ADEDC64
                                                            SHA-512:5343F3CB21711B0E73AECA482FDB515596E35CBC4F7F53DBA6792ED829FB0876FD5BA485495B526493EC964C6081DF9FCE7111FBE4C3805DF185451C0466667E
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Simpan]].[[screenshot_plugin.copy]]=[[Salin]].[[screenshot_plugin.print]]=[[Cetak]].[[screenshot_plugin.fullscreen]]=[[Pilih Layar Penuh]].[[screenshot_plugin.clear]]=[[Bersihkan Area]].[[screenshot_plugin.cancel]]=[[Batalkan]].[[screenshot_plugin.editonline]]=[[Menyunting screenshot secara online]].[[screenshot_plugin.upload]]=[[Unggah ke prntscr.com]].[[screenshot_plugin.close]]=[[Tutup]]..[[screenshot_plugin.share_googlesearch]]=[[Cari gambar yang mirip di Google]].[[screenshot_plugin.share_tineyesearch]]=[[Cari Gambar Serupa di Tineye]].[[screenshot_plugin.share_sendmail]]=[[Kirim lewat email]].[[screenshot_plugin.share_twitter]]=[[Bagikan di Twitter]].[[screenshot_plugin.share_facebook]]=[[Bagikan di Facebook]].[[screenshot_plugin.share_vk]]=[[Bagikan di VK]].[[screenshot_plugin.share_pinterest]]=[[Bagikan ke Pinterest]].[[screenshot_plugin.share]]=[[Bagikan di jejaring sosial]]..[[screenshot_plugin.incorrect_size]]=[[Ukuran Salah]].[[screenshot_pl
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (887)
                                                            Category:dropped
                                                            Size (bytes):13487
                                                            Entropy (8bit):5.262276183422655
                                                            Encrypted:false
                                                            SSDEEP:192:/Kossn+7c30xdndnLMfVu/d23XLMRMrQDlsGkOpOB731wPqLppEq+8pEYZ7zc5/J:8c3adndnLGgqXLiyGkVB7Ffc5t5h
                                                            MD5:2AAE7AF8598C3BC89B17CB8F36A0BD59
                                                            SHA1:F211568F746150D413D15AA72688345D0142F925
                                                            SHA-256:C3BE9BA8219F9BECD5AE9279BA5620270131880D276F3799CC2D1C0C3B224CA3
                                                            SHA-512:823E749BF3172E94766F8CC337E4D3D86CE195F1F9E06F6255E731F8197815263F38BDA65D0171A5DB2C3BABDF1E67A5707B347370A9AB48024CF62089F9FAA5
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[........]].[[screenshot_plugin.copy]]=[[........]].[[screenshot_plugin.print]]=[[....]].[[screenshot_plugin.fullscreen]]=[[.... ...... ......]].[[screenshot_plugin.clear]]=[[......]].[[screenshot_plugin.cancel]]=[[........]].[[screenshot_plugin.editonline]]=[[........ ......]].[[screenshot_plugin.upload]]=[[......... prntscr.com]].[[screenshot_plugin.close]]=[[.....]]..[[screenshot_plugin.share_googlesearch]]=[[...... .... ......... Google-...]].[[screenshot_plugin.share_tineyesearch]]=[[...... .... ......... Tineye-...]].[[screenshot_plugin.share_sendmail]]=[[........ ...... .........]].[[screenshot_plugin.share_twitter]]=[[....... Twitter-...]].[[screenshot_plugin.share_facebook]]=[[....... Facebook-...]].[[screenshot_plugin.share_vk]]=[[....... VK-...]].[[screenshot_plugin.share_p
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):1853
                                                            Entropy (8bit):4.858703658195675
                                                            Encrypted:false
                                                            SSDEEP:24:ITcerFoMqngS07b8EFH08JgwEqgVkaXkgleOI1ZwV76k1uRrF0kscGP4G5jfqKH:kceFoMvR0IHEn1NePo76kwRxTsW8
                                                            MD5:6EA5AF7F09D1CDD8929B1D6C2F8B9DFD
                                                            SHA1:7A185908954EFADDA847870CA30E344EDA0B72D1
                                                            SHA-256:6BC8AD750CB4142C2C628C3C3F3006C853A48566FC988CD7179EA6CAE0FF7A79
                                                            SHA-512:149456B744531945A7ABCD294F7B45EAE3959D8B672DE10431A26D9458E683B1A48D03136C672DAB00C804AC8F6738A6C35D0F18D48818F28038864499DCDB78
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Vista]].[[screenshot_plugin.copy]]=[[Afrita]].[[screenshot_plugin.print]]=[[Prenta]].[[screenshot_plugin.fullscreen]]=[[Velja fullan skj.]].[[screenshot_plugin.clear]]=[[Hreinsa]].[[screenshot_plugin.cancel]]=[[H.tta Vi.]].[[screenshot_plugin.editonline]]=[[Breyta Mynd]].[[screenshot_plugin.upload]]=[[Senda . prntscr.com]].[[screenshot_plugin.close]]=[[Loka]]..[[screenshot_plugin.share_googlesearch]]=[[Leita a. svipu.um myndum . Google]].[[screenshot_plugin.share_tineyesearch]]=[[Leita a. svipu.um myndum . Tineye]].[[screenshot_plugin.share_sendmail]]=[[Senda . email]].[[screenshot_plugin.share_twitter]]=[[Deila . Twitter]].[[screenshot_plugin.share_facebook]]=[[Deila in Facebook]]..[[screenshot_plugin.incorrect_size]]=[[Vitlaus St.r.]].[[screenshot_plugin.error_capt]]=[[Villa]]..[[screenshot_plugin.tooltip]]=[[Velja sv..i]].[[screenshot_plugin.open]]=[[Opna]].[[screenshot_plugin.uploading_window_capt]]=[[Sendi mynd]].[[screenshot_plugin.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1062)
                                                            Category:dropped
                                                            Size (bytes):11480
                                                            Entropy (8bit):5.419848029758379
                                                            Encrypted:false
                                                            SSDEEP:192:bjogec0IQlM11nlmVeq/HOO5m+0rVKXIkrGePxn:PpL11nk/HhV0rAX97Px
                                                            MD5:1519DB2C13A378136674B71398DFAA6D
                                                            SHA1:B601FD64338E54DCEE5A2365BBE520ECFACE43F0
                                                            SHA-256:C9730104D6D2F66DA4419D9D7C8CC64A3A839DFA06AC88E42DDEE58AE3B170D2
                                                            SHA-512:8CE125AC27B86C95F7EADECBADA1652C897794EC9CAFFFFED451F36B87BDE85077C65FBA99085FADFB0AFD5BDC08D60077F71C253545D86143055CDA0FF41BD3
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[L.u]].[[screenshot_plugin.copy]]=[[Sao ch.p]].[[screenshot_plugin.print]]=[[In]].[[screenshot_plugin.fullscreen]]=[[Ch.n to.n m.n h.nh]].[[screenshot_plugin.clear]]=[[X.a v.ng ch.n]].[[screenshot_plugin.cancel]]=[[H.y b.]].[[screenshot_plugin.editonline]]=[[Ch.nh s.a .nh ch.p m.n h.nh tr.c tuy.n]].[[screenshot_plugin.upload]]=[[T.i l.n prntscr.com]].[[screenshot_plugin.close]]=[[..ng]]..[[screenshot_plugin.share_googlesearch]]=[[T.m ki.m .nh t..ng t. tr.n Google]].[[screenshot_plugin.share_tineyesearch]]=[[T.m ki.m .nh t..ng t. tr.n Tineye]].[[screenshot_plugin.share_sendmail]]=[[G.i qua email]].[[screenshot_plugin.share_twitter]]=[[Chia s. l.n Twitter]].[[screenshot_plugin.share_facebook]]=[[Chia s. l.n Facebook]].[[screenshot_plugin.share_vk]]=[[Chia s. l.n VK]].[[screenshot_plugin.share_pinterest]]=[[Chia s. l.n m.ng x. h.i Pinterest]].[[screenshot_plugin.share]]=[[Chia s. l.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1009)
                                                            Category:dropped
                                                            Size (bytes):10420
                                                            Entropy (8bit):4.837706672185901
                                                            Encrypted:false
                                                            SSDEEP:192:frZrSujAKY7f9JicIjWWURS1ldKbGdf+y:frZeEAPf9+URidKbGdmy
                                                            MD5:4D195562C84403DD347BD2C45403EFC5
                                                            SHA1:4203BD1C9F0C0A2133BA7DC5FF1F9C86C942D131
                                                            SHA-256:4A57246BD4CE9D387EC10F0AB2084C3D91E8463D03C1412F3665AEE3885A85A5
                                                            SHA-512:3DE1BA358834C7D238E35F533A192C6E6E41FDF276A29B6714CF02636CAD123EFF571614A1185025757BEC3E9F9F351D612598496600684E4AC676E576E8C601
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Save]].[[screenshot_plugin.copy]]=[[Copy]].[[screenshot_plugin.print]]=[[Print]].[[screenshot_plugin.fullscreen]]=[[Select full screen]].[[screenshot_plugin.clear]]=[[Clear selection]].[[screenshot_plugin.cancel]]=[[Cancel]].[[screenshot_plugin.editonline]]=[[Edit a screenshot online]].[[screenshot_plugin.upload]]=[[Upload to prntscr.com]].[[screenshot_plugin.close]]=[[Close]]..[[screenshot_plugin.share_googlesearch]]=[[Search similar images on Google]].[[screenshot_plugin.share_tineyesearch]]=[[Search similar images on Tineye]].[[screenshot_plugin.share_sendmail]]=[[Send via email]].[[screenshot_plugin.share_twitter]]=[[Share on Twitter]].[[screenshot_plugin.share_facebook]]=[[Share on Facebook]].[[screenshot_plugin.share_vk]]=[[Share on VK]].[[screenshot_plugin.share_pinterest]]=[[Share on Pinterest]].[[screenshot_plugin.share]]=[[Share on social networks]]..[[screenshot_plugin.incorrect_size]]=[[Wrong size]].[[screenshot_plugin.error_capt]]=[[Error]].
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (960)
                                                            Category:dropped
                                                            Size (bytes):14817
                                                            Entropy (8bit):5.250728591248304
                                                            Encrypted:false
                                                            SSDEEP:384:qstnV2IxGGG6JMjGqiOGuytcE0CzQh2WuELEefdnhEx:5p7gCkEBELP54
                                                            MD5:1E03EAEA8317F8957E3550C5CBE7B1C2
                                                            SHA1:AA99447995880271B770698C95949DAD750A148D
                                                            SHA-256:A8F0633F9AC6B0AA75477547D254E41A2B7571F1E832F8E22F2DA47C12ACA023
                                                            SHA-512:1695B65441B72CFA68020E4C11894645FB3ED13F74ED847C53E0CD4ED0D89FCBC6BE7FE37483F1E21348EC16F31FCF327505BA1E149F05215285B54FC49BE8E6
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[........]].[[screenshot_plugin.copy]]=[[.........]].[[screenshot_plugin.print]]=[[.........]].[[screenshot_plugin.fullscreen]]=[[........ ..... .....]].[[screenshot_plugin.clear]]=[[......... .........]].[[screenshot_plugin.cancel]]=[[.........]].[[screenshot_plugin.editonline]]=[[.......... ...... ...... ......]].[[screenshot_plugin.upload]]=[[........... .. prntscr.com]].[[screenshot_plugin.close]]=[[........]]..[[screenshot_plugin.share_googlesearch]]=[[...... ........ ........ . Google]].[[screenshot_plugin.share_tineyesearch]]=[[...... ........ ........ . Tineye]].[[screenshot_plugin.share_sendmail]]=[[....... .... email]].[[screenshot_plugin.share_twitter]]=[[.......... . Twitter]].[[screenshot_plugin.share_facebook]]=[[.......... . Facebook]].[[screens
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1021)
                                                            Category:dropped
                                                            Size (bytes):10863
                                                            Entropy (8bit):5.0046250426445
                                                            Encrypted:false
                                                            SSDEEP:192:f2iGCz3151Kvmr1IUiEnJtfxPvt70Uu0fdweHgZyiWB8UK:uiGCz33pi4pPqP2weAgBxK
                                                            MD5:8B7C86791CB7A6CC264BB6D6F086CCEA
                                                            SHA1:45D14F8943F7DBFB338ADAC2E76D7D719D8512EC
                                                            SHA-256:28CBFD25496EBB77EDECA119F0F8FF78D4952F5A8D71E10AD345382D7DF27C74
                                                            SHA-512:539973FAD93D460263397E12DB229EB37DF16DBFB5F7561421961B74EBBC420E254A3609A25C650EEBA956A22069BE6FE598BF7883AEE9D34D0C8A6B1CD7C535
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Spremi]].[[screenshot_plugin.copy]]=[[Kopiraj]].[[screenshot_plugin.print]]=[[Ispis]].[[screenshot_plugin.fullscreen]]=[[Odaberi puni zaslon]].[[screenshot_plugin.clear]]=[[Izbri.i odabrano]].[[screenshot_plugin.cancel]]=[[Poni.ti]].[[screenshot_plugin.editonline]]=[[Uredi snimku zaslona na mre.i]].[[screenshot_plugin.upload]]=[[Prenesi na prntscr.com]].[[screenshot_plugin.close]]=[[Zatvori]]..[[screenshot_plugin.share_googlesearch]]=[[Tra.i sli.ne slike na Google]].[[screenshot_plugin.share_tineyesearch]]=[[Tra.i sli.ne slike na Tineye]].[[screenshot_plugin.share_sendmail]]=[[Po.alji e-po.tom]].[[screenshot_plugin.share_twitter]]=[[Podijeli na Twitter]].[[screenshot_plugin.share_facebook]]=[[Podijeli na Facebook]].[[screenshot_plugin.share_vk]]=[[Podijeli na VK]].[[screenshot_plugin.share_pinterest]]=[[Dijeli na Pinterest]].[[screenshot_plugin.share]]=[[Podijeli na dru.tvenim mre.ama]]..[[screenshot_plugin.incorrect_size]]=[[Pogre.na veli.i
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1014)
                                                            Category:dropped
                                                            Size (bytes):11574
                                                            Entropy (8bit):5.153798849120497
                                                            Encrypted:false
                                                            SSDEEP:192:D0cYHsG6KygDB7ufUJcd64jpKoAPlSuJKg9FMC:tY3GyB7kU2d64jpdwhJl
                                                            MD5:5765DD5FCA07300F79AD162F5BDEE1BF
                                                            SHA1:187C25B4D4307F43B7FF741A513D101D9D1010E2
                                                            SHA-256:37FB2455B89697F3F3442E355B8C3FC372D1C61FAF43C1567EC7894C6DEF0D5C
                                                            SHA-512:EC3B7741735A34921DD84A1FE454C5FB444E337F28D3CF36A6D8B7BEEFED39911E8856A9663798F27A10F23901AEF51AA83CA7DB78ED1F745C93A9EE10383E52
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Ment.s]].[[screenshot_plugin.copy]]=[[M.sol.s]].[[screenshot_plugin.print]]=[[Nyomtat.s]].[[screenshot_plugin.fullscreen]]=[[Teljes k.perny.]].[[screenshot_plugin.clear]]=[[Kijel.l.s t.rl.se]].[[screenshot_plugin.cancel]]=[[M.gsem]].[[screenshot_plugin.editonline]]=[[K.perny.ment.s szerkeszt.se online]].[[screenshot_plugin.upload]]=[[Felt.lt.s a prntscr.com-ra]].[[screenshot_plugin.close]]=[[Bez.r.s]]..[[screenshot_plugin.share_googlesearch]]=[[Hasonl. k.pek keres.se itt: Google]].[[screenshot_plugin.share_tineyesearch]]=[[Hasonl. k.pek keres.se itt: Tineye]].[[screenshot_plugin.share_sendmail]]=[[Elk.ld.se email .ltal]].[[screenshot_plugin.share_twitter]]=[[Megoszt.s a Twitteren]].[[screenshot_plugin.share_facebook]]=[[Megoszt.s a Facebookon]].[[screenshot_plugin.share_vk]]=[[Megoszt.s a VK-n]].[[screenshot_plugin.share_pinterest]]=[[Megoszt.s a Pinteresten]].[[screenshot_plugin.share]]=[[Megoszt.s a k.z.ss.gi port.l
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1014)
                                                            Category:dropped
                                                            Size (bytes):11202
                                                            Entropy (8bit):4.9289519644156865
                                                            Encrypted:false
                                                            SSDEEP:192:zthb1ZlvjsLnTiPEpANWlMdVk7JrRzO7zvm34hv1WfE/9mWwZtz:ztR1rvoz+PEpANsMGJRqzvm3qv2E/9rE
                                                            MD5:62946D959F30092FE18CD081D90A1135
                                                            SHA1:ABA3A2CD65D5BF80AE08433994E006B3557BE3AE
                                                            SHA-256:6A20F444F3087CAEB940B2D21CCF437BCC93673308F4898577DFA82677369068
                                                            SHA-512:757333E7DC4173E7D793C71AFE3517D09D1B4B02731A02F7CBAD835C2160506900BA2A5CD80550E68E07C08A3EF1CEF33A0A85FB11EA8D53186CCEE0C086D111
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Salveaz.]].[[screenshot_plugin.copy]]=[[Copiaz.]].[[screenshot_plugin.print]]=[[Printeaz.]].[[screenshot_plugin.fullscreen]]=[[Pe tot ecranul]].[[screenshot_plugin.clear]]=[[Cur... sectiunea]].[[screenshot_plugin.cancel]]=[[Anuleaz.]].[[screenshot_plugin.editonline]]=[[Editeaz. captura de ecran online]].[[screenshot_plugin.upload]]=[[.ncarc. pe prntscr.com]].[[screenshot_plugin.close]]=[[.nchide]]..[[screenshot_plugin.share_googlesearch]]=[[Caut. imagini similare pe Google]].[[screenshot_plugin.share_tineyesearch]]=[[Caut. imagini similare pe Google Tineye]].[[screenshot_plugin.share_sendmail]]=[[Trimite prin email]].[[screenshot_plugin.share_twitter]]=[[Distribui.i pe Twitter]].[[screenshot_plugin.share_facebook]]=[[Distribui.i pe Facebook]].[[screenshot_plugin.share_vk]]=[[Distribuie pe VK]].[[screenshot_plugin.share_pinterest]]=[[Distribuie pe Pinterest]].[[screenshot_plugin.share]]=[[Distribuiti pe retelele sociale.]]..[[screenshot_plu
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1028)
                                                            Category:dropped
                                                            Size (bytes):10799
                                                            Entropy (8bit):4.980991806531341
                                                            Encrypted:false
                                                            SSDEEP:192:ZqSedRpnb7KNlUO6EzmyqAJLvu5cuBIHpGLsLfEnQ8W49RpFEjJTv/4w1rrom:ZqSedRpnKXUO6EBqAp25cuGJGLtQ749+
                                                            MD5:9F1DC3AECD16265A7C7A6D6267FB5F98
                                                            SHA1:4EE8C5160CD707004482EFC73BD152B5A0D0C284
                                                            SHA-256:F6C24CF6BAE9777E1694B92C88AFBE77C99791AED35EB0FDA44F33287455C047
                                                            SHA-512:FA473916834B79E56BBA1548707383ABD4B1C82BEDD8187C167B59679AF8529D5A6D4C585C6FB18706DF2B76827E95E7BF9C37535BC36BACB6128B037A37C724
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Spara]].[[screenshot_plugin.copy]]=[[Kopiera]].[[screenshot_plugin.print]]=[[Skriv ut]].[[screenshot_plugin.fullscreen]]=[[V.lj fullsk.rm]].[[screenshot_plugin.clear]]=[[Rensa val]].[[screenshot_plugin.cancel]]=[[Avbryt]].[[screenshot_plugin.editonline]]=[[Redigera en shreenshot online]].[[screenshot_plugin.upload]]=[[Ladda ner till prntscr.com]].[[screenshot_plugin.close]]=[[St.ng]]..[[screenshot_plugin.share_googlesearch]]=[[S.k liknande bilder p. Google]].[[screenshot_plugin.share_tineyesearch]]=[[S.k liknande bilder p. Tineye]].[[screenshot_plugin.share_sendmail]]=[[Skicka via e-mejl]].[[screenshot_plugin.share_twitter]]=[[Dela p. Twitter]].[[screenshot_plugin.share_facebook]]=[[Dela p. Facebook]].[[screenshot_plugin.share_vk]]=[[Dela p. VK]].[[screenshot_plugin.share_pinterest]]=[[Dela p. Pinterest]].[[screenshot_plugin.share]]=[[Dela p. sociala n.tverk]]..[[screenshot_plugin.incorrect_size]]=[[Fel storlek]].[[screenshot_plugin.error_ca
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1120)
                                                            Category:dropped
                                                            Size (bytes):11186
                                                            Entropy (8bit):4.953572434226719
                                                            Encrypted:false
                                                            SSDEEP:192:GQSHp6E9U6hFEEoCyIf1SmCdtboLJaK1HwqhK2dRn1FQxH+dWcK2Z3Lhdk:GQSHmgEZCyIfYm1JaKFwqhKerFQxcWcM
                                                            MD5:70F2CB3F106AB633BD97214FFC1ED887
                                                            SHA1:2FC524704C19FB2F299CCE09573A3D7E2EF093F9
                                                            SHA-256:66ED6820B982F5055EAE9893338EA992A97F84A0280D1E8A54142ADA09D31821
                                                            SHA-512:71D56A062EC41A11294EFAD9018E80AEA039537A6077D25E140D766624DA1F467CB84067718AF80488A64ECED84D71FBFEF438CDF9434459C62B9BEC64BE7B90
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Lagre]].[[screenshot_plugin.copy]]=[[Kopi.r]].[[screenshot_plugin.print]]=[[Skriv ut]].[[screenshot_plugin.fullscreen]]=[[Velg fullskjermsvisning]].[[screenshot_plugin.clear]]=[[Fjern utsnitt]].[[screenshot_plugin.cancel]]=[[Avbryt]].[[screenshot_plugin.editonline]]=[[Redig.r skjermbildet i nettleseren]].[[screenshot_plugin.upload]]=[[Last opp til prntscr.com]].[[screenshot_plugin.close]]=[[Lukk]]..[[screenshot_plugin.share_googlesearch]]=[[S.k etter lignende bilder p. Google]].[[screenshot_plugin.share_tineyesearch]]=[[S.k etter lignende bilder p. Tineye]].[[screenshot_plugin.share_sendmail]]=[[Send via e-post]].[[screenshot_plugin.share_twitter]]=[[Del p. Twitter]].[[screenshot_plugin.share_facebook]]=[[Del p. Facebook]].[[screenshot_plugin.share_vk]]=[[Del p. VK]].[[screenshot_plugin.share_pinterest]]=[[Del p. Pinterest]].[[screenshot_plugin.share]]=[[Del p. sosiale nettverk]]..[[screenshot_plugin.incorrect_size]]=[[Feil st.rrelse]].[[scre
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):5927
                                                            Entropy (8bit):5.877550510084327
                                                            Encrypted:false
                                                            SSDEEP:96:sK9AfpSAWctdLxXmj3ouAKNzrl4MpBKclseHxaPFa6BEbGH:y4+BwrlBBRWPFDBEbGH
                                                            MD5:E57F6619FF7B09B3D7038553A3D24E0F
                                                            SHA1:79B1EAA08F83B9C9145791CE61CA2AFED470F2E0
                                                            SHA-256:05D69F78C57FE818645EAB63DD3CB51C0C51EBAF30B5C0556701D0B72547F4F0
                                                            SHA-512:14F1E21331A95C1663F43BB7FC80CE2AE4F13FC1D0A15F1DA5AF1B1831DD96A753AF56EB3FFD61D0EC73CABBB85ED72DB103587A3CC45A99ED0458D30CC7DC07
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..]].[[screenshot_plugin.copy]]=[[..]].[[screenshot_plugin.print]]=[[..]].[[screenshot_plugin.fullscreen]]=[[.....]].[[screenshot_plugin.clear]]=[[..]].[[screenshot_plugin.cancel]]=[[..]].[[screenshot_plugin.editonline]]=[[......]].[[screenshot_plugin.upload]]=[[... prntscr.com]].[[screenshot_plugin.close]]=[[..]]..[[screenshot_plugin.share_googlesearch]]=[[.Google......]].[[screenshot_plugin.share_tineyesearch]]=[[.Tineye......]].[[screenshot_plugin.share_sendmail]]=[[........]].[[screenshot_plugin.share_twitter]]=[[..Twitter..]].[[screenshot_plugin.share_facebook]]=[[..Facebook..]].[[screenshot_plugin.share]]=[[........]]..[[screenshot_plugin.incorrect_size]]=[[.....]].[[screenshot_plugin.error_capt]]=[[..]]..[[screenshot_plugin.tooltip]]=[[....]].[[screenshot_plugin.open]]=[[..]].[[screenshot_plugin.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (606)
                                                            Category:dropped
                                                            Size (bytes):9229
                                                            Entropy (8bit):4.988338896224836
                                                            Encrypted:false
                                                            SSDEEP:192:tAvjPjfQGKGJZdnpTDrqUJFiiqrwHsyCR+lFj:tAvjjJ9RnhvqUfwrwML+lFj
                                                            MD5:BDD17AB1EDA8488B8CFE02327DF05F90
                                                            SHA1:031F1B7B21FB7C8BAA2FCD6FAD0589D8C5437629
                                                            SHA-256:0E251986CD97BDE529CC2726EFC18F821661301DF1B8F44FB17898F851393D82
                                                            SHA-512:4853412D4FC5A0293EC5F4C92F468B06924C00DEBDAA8A2B6372CD0C339D1C5B2B7360CF1BE353E2459ACEBA7C82AF33B04F552733E221C2A5CBE9246BE3277E
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[I.saugoti]].[[screenshot_plugin.copy]]=[[Kopijuoti]].[[screenshot_plugin.print]]=[[Spausdinti]].[[screenshot_plugin.fullscreen]]=[[Pasirinkti vis. ekrano vaizd.]].[[screenshot_plugin.clear]]=[[I.trinti pasirinkim.]].[[screenshot_plugin.cancel]]=[[At.aukti]].[[screenshot_plugin.editonline]]=[[Koreguoti paveiksl.l. internete]].[[screenshot_plugin.upload]]=[[.kelti . prntscr.com]].[[screenshot_plugin.close]]=[[U.daryti]]..[[screenshot_plugin.share_googlesearch]]=[[Ie.koti pana.i. paveiksl.li. per Google]].[[screenshot_plugin.share_tineyesearch]]=[[Ie.koti pana.i. paveiksl.li. per Tineye]].[[screenshot_plugin.share_sendmail]]=[[I.si.sti elektroniniu pa.tu]].[[screenshot_plugin.share_twitter]]=[[Pasidalinti per Twitter]].[[screenshot_plugin.share_facebook]]=[[Pasidalinti per Facebook]].[[screenshot_plugin.share_vk]]=[[Pasidalinti per VK]].[[screenshot_plugin.share_pinterest]]=[[Pasidalinti per Pinterest]].[[screenshot_plugin.share]]=[[
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1055)
                                                            Category:dropped
                                                            Size (bytes):11043
                                                            Entropy (8bit):4.899724610981938
                                                            Encrypted:false
                                                            SSDEEP:96:uJlUX4Ha10tgVTvv4IrwEV+U0pECNKvpErN5NWcFYz4zJiuQlSZtw1x/7vLYwvfj:uJJ+MWn4smRcyJitSE1xjep3wqgb5
                                                            MD5:09540A630D97751B5B922D9A54D72FE4
                                                            SHA1:FABB626059A1A504888C23795470A4DE14C52445
                                                            SHA-256:6F931F38924CF8C233A1B46E5D80BAD2182F8DD0D670E7F54824D8CAA5AE0C11
                                                            SHA-512:C992B7545B70A77C0C4ACB7B4445F50BD35285DDB4B580C4573F99FCAC0EBF666431FD8B43715D1CF116F5379F8B0E375884C8C390697D4C2C0667AF99321A9D
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Salvar]].[[screenshot_plugin.copy]]=[[Copiar]].[[screenshot_plugin.print]]=[[Imprimir]].[[screenshot_plugin.fullscreen]]=[[Selecionar tela inteira]].[[screenshot_plugin.clear]]=[[Limpar sele..o]].[[screenshot_plugin.cancel]]=[[Cancelar]].[[screenshot_plugin.editonline]]=[[Editar captura de tela online]].[[screenshot_plugin.upload]]=[[Enviar para prntscr.com]].[[screenshot_plugin.close]]=[[Fechar]]..[[screenshot_plugin.share_googlesearch]]=[[Pesquisar imagens semelhantes no Google]].[[screenshot_plugin.share_tineyesearch]]=[[Pesquisar imagens semelhantes no Tineye]].[[screenshot_plugin.share_sendmail]]=[[Enviar por email]].[[screenshot_plugin.share_twitter]]=[[Compartilhar no Twitter]].[[screenshot_plugin.share_facebook]]=[[Compartilhar no Facebook]].[[screenshot_plugin.share_vk]]=[[Compartilhar no VK]].[[screenshot_plugin.share_pinterest]]=[[Compartilhar no Pinterest]].[[screenshot_plugin.share]]=[[Compartilhar nas redes sociais]]..[[screenshot_plugin.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1077)
                                                            Category:dropped
                                                            Size (bytes):10796
                                                            Entropy (8bit):4.8500073537614945
                                                            Encrypted:false
                                                            SSDEEP:96:15YyVRxmKsrFknz3kUBiPkNGN8+ynyRk6sjs3mJNI0PNdalxQ+bxpKjamdUb7Lz/:1ZXz3kenHZJ+0PNdXexpK+MyLiUF
                                                            MD5:0FCA4BD83616AFBB1979A4E191F0D8B4
                                                            SHA1:B7F14F5B8F9243842F75173E7B6B26A7B7423A5E
                                                            SHA-256:82DEC9FF06F22776DCA34A8846B3D78CD543FA90B3A6A7250B4E44428ADEDC64
                                                            SHA-512:5343F3CB21711B0E73AECA482FDB515596E35CBC4F7F53DBA6792ED829FB0876FD5BA485495B526493EC964C6081DF9FCE7111FBE4C3805DF185451C0466667E
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Simpan]].[[screenshot_plugin.copy]]=[[Salin]].[[screenshot_plugin.print]]=[[Cetak]].[[screenshot_plugin.fullscreen]]=[[Pilih Layar Penuh]].[[screenshot_plugin.clear]]=[[Bersihkan Area]].[[screenshot_plugin.cancel]]=[[Batalkan]].[[screenshot_plugin.editonline]]=[[Menyunting screenshot secara online]].[[screenshot_plugin.upload]]=[[Unggah ke prntscr.com]].[[screenshot_plugin.close]]=[[Tutup]]..[[screenshot_plugin.share_googlesearch]]=[[Cari gambar yang mirip di Google]].[[screenshot_plugin.share_tineyesearch]]=[[Cari Gambar Serupa di Tineye]].[[screenshot_plugin.share_sendmail]]=[[Kirim lewat email]].[[screenshot_plugin.share_twitter]]=[[Bagikan di Twitter]].[[screenshot_plugin.share_facebook]]=[[Bagikan di Facebook]].[[screenshot_plugin.share_vk]]=[[Bagikan di VK]].[[screenshot_plugin.share_pinterest]]=[[Bagikan ke Pinterest]].[[screenshot_plugin.share]]=[[Bagikan di jejaring sosial]]..[[screenshot_plugin.incorrect_size]]=[[Ukuran Salah]].[[screenshot_pl
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (758)
                                                            Category:dropped
                                                            Size (bytes):11110
                                                            Entropy (8bit):5.888845253303549
                                                            Encrypted:false
                                                            SSDEEP:192:s9fbIZVu2Cs+xlcera/n8lAZyUcGUfExTM81M:GbHF6n8lyJcGZM9
                                                            MD5:99F15556368A9025A678AE20E3E5EDB4
                                                            SHA1:1DAE062FE596367350FA7EAE68BBF1645C11A143
                                                            SHA-256:F07C0EE08ED2895729E734B349B1AF3CA8A0646126FD4E3A01D37A8DE299B7B8
                                                            SHA-512:BC69A8371EAE0AADDDB6B507E1B5E49F9BD18AB0595C0C8FCA02F9648E2736CCD6406907D3DD38121912D2FAC00639F563FBDFEE458876604692ECF05CC08906
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..]].[[screenshot_plugin.copy]]=[[..]].[[screenshot_plugin.print]]=[[..]].[[screenshot_plugin.fullscreen]]=[[.. .. ..]].[[screenshot_plugin.clear]]=[[.. ..]].[[screenshot_plugin.cancel]]=[[..]].[[screenshot_plugin.editonline]]=[[..... .... ..]].[[screenshot_plugin.upload]]=[[Prntscr.com. ...]].[[screenshot_plugin.close]]=[[..]]..[[screenshot_plugin.share_googlesearch]]=[[Google.. ... ... ..]].[[screenshot_plugin.share_tineyesearch]]=[[Tineye.. ... ... ..]].[[screenshot_plugin.share_sendmail]]=[[.... ...]].[[screenshot_plugin.share_twitter]]=[[Twitter. ..]].[[screenshot_plugin.share_facebook]]=[[Facebook.. ..]].[[screenshot_plugin.share_vk]]=[[VK. ..]].[[screenshot_plugin.share_pinterest]]=[[Pinterest. ..]].[[screenshot_plugin.share]]=[[.. ..... ..]]..[[screenshot_plugin.incorrect_size]]=[[
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):4901
                                                            Entropy (8bit):5.025306265427669
                                                            Encrypted:false
                                                            SSDEEP:96:D3l5xtjCjfov3OxsC4hI4JmjFpob2H2mPt2se78UXUeP/5p8zbH8hMDkVoAHSAg:D3C3ebIjFpob2zPt2seQUXUeX5izbHUU
                                                            MD5:B120214A70252EA6E6676EF8ABC25F5C
                                                            SHA1:70D9579B75E377B2A28198BF107846EE936560FA
                                                            SHA-256:40946D5C72FDAEC7106FCB6E7F2114365988C76070A4D1E2C110721625E9406B
                                                            SHA-512:290E823F929A2E80AD4FF4F4648A4244468547A6DD128E117FD0300B21496E0E1B5FCFA3D1DB1D2B8E271DE45EB42A325954E2EBB5A4544EA4456CF97D6B22FF
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[......]].[[screenshot_plugin.copy]]=[[......]].[[screenshot_plugin.print]]=[[.....]].[[screenshot_plugin.fullscreen]]=[[..........]].[[screenshot_plugin.clear]]=[[....]].[[screenshot_plugin.cancel]]=[[......]].[[screenshot_plugin.editonline]]=[[...........]].[[screenshot_plugin.upload]]=[[............ prntscr.com]].[[screenshot_plugin.close]]=[[...]]..[[screenshot_plugin.share_googlesearch]]=[[...................... Google]].[[screenshot_plugin.share_tineyesearch]]=[[...................... Tineye]].[[screenshot_plugin.share_sendmail]]=[[....... Email]].[[screenshot_plugin.share_twitter]]=[[......... Twitter]].[[screenshot_plugin.share_facebook]]=[[......... Facebook]].[[screenshot_plugin.share_p
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (972)
                                                            Category:dropped
                                                            Size (bytes):10478
                                                            Entropy (8bit):4.9285769816878435
                                                            Encrypted:false
                                                            SSDEEP:192:ae+7X0nwCoFGDg9G8GvJDY6ZWY838Pa5tHW4brnMMEZyqe:9+7Enwag9GXvVYFY838Pa5tHfrnMzde
                                                            MD5:2B75C4A44B3D45B7F412638B34FC3D0E
                                                            SHA1:966765B328774BF3093EC293579C3D40DB215F27
                                                            SHA-256:269653CAA6B7C42F8E927CE48B273313302C8BF68E8DC67381F066F2F96C8D61
                                                            SHA-512:43CB33704A08158B6CBDBEFA71DD901F4383ACB2601C14DD4C75EA9A4F709D06F342B3B00D2AF7A9E9BBF785644FC93B8F0250E1BF643BAB823D6951BA83A92E
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Salvesta]].[[screenshot_plugin.copy]]=[[Kopeeri]].[[screenshot_plugin.print]]=[[Prindi]].[[screenshot_plugin.fullscreen]]=[[Vali t.isekraan]].[[screenshot_plugin.clear]]=[[Puhasta valitud]].[[screenshot_plugin.cancel]]=[[Loobu]].[[screenshot_plugin.editonline]]=[[Redigeeri kuvat.mmist v.rgus]].[[screenshot_plugin.upload]]=[[Lae .lesse prntscr.com lehele]].[[screenshot_plugin.close]]=[[Sule]]..[[screenshot_plugin.share_googlesearch]]=[[Otsi sarnaseid pilte Google-st]].[[screenshot_plugin.share_tineyesearch]]=[[Otsi sarnaseid pilte Tineye-st]].[[screenshot_plugin.share_sendmail]]=[[Saada E-mailga]].[[screenshot_plugin.share_twitter]]=[[Jaga Twitteris]].[[screenshot_plugin.share_facebook]]=[[Jaga Facebookis]].[[screenshot_plugin.share_vk]]=[[Jaga VKs]].[[screenshot_plugin.share_pinterest]]=[[Jaga Pinterest-is]].[[screenshot_plugin.share]]=[[Jaga sotsiaalv.rgustikes]]..[[screenshot_plugin.incorrect_size]]=[[Vale suurus]].[[screenshot_plugin.error_capt]]
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1050)
                                                            Category:dropped
                                                            Size (bytes):10777
                                                            Entropy (8bit):4.96781859221012
                                                            Encrypted:false
                                                            SSDEEP:192:m/cj3M/yhShJxNBYQJXSBWOJ+mJ0WnvOk98qp9gJC3wfKxJLvzt:mkA6hSPvPhq0m+kmkZPgJC3wfK5
                                                            MD5:EC2BCE92371B3A0B2DC4C4FC5CEB52D0
                                                            SHA1:5330E9AFBF34E1392624D320FBF2D96115460118
                                                            SHA-256:998C50A30EFCA47F3EBEBEF43AAE172B66274B1BB4FE9D956D1AA3521DFE072D
                                                            SHA-512:8C10A9D9BD856A7B101E089847680D6B3B2C85168F53287865F3B5D153BB0CCD75ED11BEFF4C8E9B1F8276195B5E95C5A2446E6EC4C969EF561593B340674BA0
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Gem]].[[screenshot_plugin.copy]]=[[Kopier]].[[screenshot_plugin.print]]=[[Print]].[[screenshot_plugin.fullscreen]]=[[V.lg fuld sk.rm]].[[screenshot_plugin.clear]]=[[Nulstil det valgte]].[[screenshot_plugin.cancel]]=[[Annuller]].[[screenshot_plugin.editonline]]=[[Rediger et sk.rmbillede online]].[[screenshot_plugin.upload]]=[[Upload til prntscr.com]].[[screenshot_plugin.close]]=[[Luk]]..[[screenshot_plugin.share_googlesearch]]=[[S.g lignende billeder p. Google]].[[screenshot_plugin.share_tineyesearch]]=[[S.g lignende billeder p. Tineye]].[[screenshot_plugin.share_sendmail]]=[[Send via email]].[[screenshot_plugin.share_twitter]]=[[Del p. Twitter]].[[screenshot_plugin.share_facebook]]=[[Del p. Facebook]].[[screenshot_plugin.share_vk]]=[[Del p. VK]].[[screenshot_plugin.share_pinterest]]=[[Del p. Pinterest]].[[screenshot_plugin.share]]=[[Del p. dine sociale netv.rk]]..[[screenshot_plugin.incorrect_size]]=[[Forkert st.rrelse]].[[screenshot_plugin
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):7252
                                                            Entropy (8bit):5.0367350116439455
                                                            Encrypted:false
                                                            SSDEEP:96:6n6T6sGi7HKD/HDnMBUjelc3zOfzO6t0w+K6Rqa6NH/2x6NH+7sXaDchJ4QZtBsN:Sm1bOMB/mOfzledk/d+7shJW8OP
                                                            MD5:282E5B1C57E18FA97A4D54AFEFDF2485
                                                            SHA1:D64C78923257FBDF9F136C2F1BC0D817305FB211
                                                            SHA-256:DDD5A868F9E0C9F988225B1E99223AA45C75122D9E5A399BED508D3C96EA6CD2
                                                            SHA-512:4581DD61F28A691F6AB00EC8C8F4E8B87DA15822D426167A623B1818ED1ED37CD5F07EB7328BE2977AADA422B544B049F112AD5AC5C94E5214A32C54556652DF
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Saglab.t]].[[screenshot_plugin.copy]]=[[Kop.t]].[[screenshot_plugin.print]]=[[Druk.t]].[[screenshot_plugin.fullscreen]]=[[Iez.m.t pilnu ekr.nu]].[[screenshot_plugin.clear]]=[[Not.r.t iez.m.to]].[[screenshot_plugin.cancel]]=[[Atcelt]].[[screenshot_plugin.editonline]]=[[Redi..t ekr.nuz..mumu internet. onlain.]].[[screenshot_plugin.upload]]=[[Aug.upiel.d.t uz prntscr.com]].[[screenshot_plugin.close]]=[[Aizv.rt]]..[[screenshot_plugin.share_googlesearch]]=[[Mekl.t l.dz.gus att.lus Google]].[[screenshot_plugin.share_tineyesearch]]=[[Mekl.t l.dz.gus att.lus Tineye]].[[screenshot_plugin.share_sendmail]]=[[Nos.t.t pa e-pastu]].[[screenshot_plugin.share_twitter]]=[[Kop.got Twitter vietn.]].[[screenshot_plugin.share_facebook]]=[[Kop.got Facebook vietn.]].[[screenshot_plugin.share_vk]]=[[Kop.got VK vietn.]].[[screenshot_plugin.share_pinterest]]=[[Dal.ties Pinterest vietn.]].[[screenshot_plugin.share]]=[[Kop.got soci.lajos t.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1008)
                                                            Category:dropped
                                                            Size (bytes):14747
                                                            Entropy (8bit):5.151861698418845
                                                            Encrypted:false
                                                            SSDEEP:192:ublJkhL8JJeAVUQHrJWIyVpiX2dZVAkVd/36bY:uhJkJqsq8riX2xkY
                                                            MD5:BB52B0A262414EB4D611072E7ADF8C58
                                                            SHA1:F7507947C3B45337409A2CC8133B1E685698A825
                                                            SHA-256:57EC7737EB0BCCC19F8674F1CC462C2A9A8554E2B0A167E3F01B8BC94129E054
                                                            SHA-512:FBB9B407892FEE54664FF63E700AC490D397A30A4EC64C433002ACA8D0806E1114C564DE05D0E5EB8574EC4CF1A2D8F42A78518F863E2D9DECEE9CC9B86E8467
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.........]].[[screenshot_plugin.copy]]=[[........]].[[screenshot_plugin.print]]=[[..........]].[[screenshot_plugin.fullscreen]]=[[........ .. ..... .....]].[[screenshot_plugin.clear]]=[[..........]].[[screenshot_plugin.cancel]]=[[......]].[[screenshot_plugin.editonline]]=[[...... ...........]].[[screenshot_plugin.upload]]=[[....... . prntscr.com]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_googlesearch]]=[[....... .. ....... ........... . Google]].[[screenshot_plugin.share_tineyesearch]]=[[....... .. ....... ........... . Tineye]].[[screenshot_plugin.share_sendmail]]=[[....... .... email]].[[screenshot_plugin.share_twitter]]=[[....... . Twitter]].[[screenshot_plugin.share_facebook]]=[[....... . Facebook]].[[screenshot_plugin.share_vk]]=[[....... .
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1029)
                                                            Category:dropped
                                                            Size (bytes):11134
                                                            Entropy (8bit):5.158411756543586
                                                            Encrypted:false
                                                            SSDEEP:192:jcoX7cO/BHpiTSjmJn2C1oQHl5v+N4ioHuJaRA38N3:R5piTSS3t+NoHuIAMN3
                                                            MD5:B42697871A6AD6A19E4825A1949AAB85
                                                            SHA1:8D24E98FD532E511E1C147180D50A950FD72BA05
                                                            SHA-256:306603A966B7ACB1B4FEEA9ECC94E08E0C5C686C520083206005B0929A812F41
                                                            SHA-512:577E554F69D401CBFA0FF71A8A0814B616AF5B38476FEBD750062F9704251D45546ADC70244CD8402A5FD2D944640D7E43D790E064E95313ADEB4BF2FC0B0CCB
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Zapisz]].[[screenshot_plugin.copy]]=[[Kopiuj]].[[screenshot_plugin.print]]=[[Drukuj]].[[screenshot_plugin.fullscreen]]=[[Zaznacz ca.y ekran]].[[screenshot_plugin.clear]]=[[Wyczy.. zaznaczenie]].[[screenshot_plugin.cancel]]=[[Anuluj]].[[screenshot_plugin.editonline]]=[[Edytuj zrzut ekranu online ]].[[screenshot_plugin.upload]]=[[Prze.lij do prntscr.com]].[[screenshot_plugin.close]]=[[Zamknij]]..[[screenshot_plugin.share_googlesearch]]=[[Szukaj podobnych obraz.w w Google]].[[screenshot_plugin.share_tineyesearch]]=[[Szukaj podobnych obrazk.w w Tineye]].[[screenshot_plugin.share_sendmail]]=[[Wy.lij e-mailem]].[[screenshot_plugin.share_twitter]]=[[Udost.pnij na Twitterze]].[[screenshot_plugin.share_facebook]]=[[Udost.pnij na Facebooku]].[[screenshot_plugin.share_vk]]=[[Udost.pnij na VK]].[[screenshot_plugin.share_pinterest]]=[[Udost.pnij na Pinterest]].[[screenshot_plugin.share]]=[[Udost.pnij w serwisach spo.eczno.ciowych]]..[[screenshot_plugin.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1037)
                                                            Category:dropped
                                                            Size (bytes):11019
                                                            Entropy (8bit):4.926299005060986
                                                            Encrypted:false
                                                            SSDEEP:192:eRnNrVjKpqOZUgmpZifo4Prj33aBvf1oZfi:6Nr10qOUifo4Pv4n1oZa
                                                            MD5:1FECEA4E623EC7B0DFF4457589D2A901
                                                            SHA1:00DCA986CBF21798F42E57B76E9C234E010441D9
                                                            SHA-256:537C962EEC10C69CCA2CA6A11A5BA0FBFDCC15FE6896FA623D4DFB00CBDCE5E5
                                                            SHA-512:0726992375548CC358FCA8DAEB21A8E1F2FBB180AC7F2AEFEA90C32EF67910F5B1436FD9231D6F710FA43803E1CFC6DCF9101605225B26070ED07FC77A37995D
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Tallenna]].[[screenshot_plugin.copy]]=[[Kopioi]].[[screenshot_plugin.print]]=[[Tulosta]].[[screenshot_plugin.fullscreen]]=[[Valitse koko n.ytt.]].[[screenshot_plugin.clear]]=[[Tyhjenn. valinta]].[[screenshot_plugin.cancel]]=[[Peruuta]].[[screenshot_plugin.editonline]]=[[Muokkaa kuvankaappausta verkossa]].[[screenshot_plugin.upload]]=[[Lataa sivustolle prntscr.com]].[[screenshot_plugin.close]]=[[Sulje]]..[[screenshot_plugin.share_googlesearch]]=[[Etsi samanlaisia kuvia Googlesta]].[[screenshot_plugin.share_tineyesearch]]=[[Etsi samankaltaisia kuvia sivustolta Tineye]].[[screenshot_plugin.share_sendmail]]=[[L.het. s.hk.postilla]].[[screenshot_plugin.share_twitter]]=[[Jaa Twitteriss.]].[[screenshot_plugin.share_facebook]]=[[Jaa Facebookissa]].[[screenshot_plugin.share_vk]]=[[Jaa VK:ssa]].[[screenshot_plugin.share_pinterest]]=[[Jaa Pinterestiss.]].[[screenshot_plugin.share]]=[[Jaa sosiaalisessa mediassa]]..[[screenshot_plugin.incorrect_size]]=[[V..
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):6048
                                                            Entropy (8bit):5.114480664907674
                                                            Encrypted:false
                                                            SSDEEP:96:0XjIMC5v/z9P0y9bzTGw5Om/RCafXLDDcm2ddt/D8PrXNCO:v/0wzTtLs8LID8L0O
                                                            MD5:70BA5C9C3E83584713663332BCF0ED60
                                                            SHA1:2093C3D4A269D6D80714E2DEB0F86B727B43B82E
                                                            SHA-256:4B04AC2BF41F9A71FD626297956759B0F3321851BFCDBB4D788EAFD3BC662EE8
                                                            SHA-512:F379313B91FD4EB976736C4D65624215FEFD381323F2F469E6AE7BDE2BE79B5DE6F5B34B28B90DCA1D3BE7BD5496DBC85DF5A0E22E88A1F4C38E2F30824AB132
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.......]].[[screenshot_plugin.fullscreen]]=[[...... ....... .....]].[[screenshot_plugin.editonline]]=[[..... ........ ......]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_googlesearch]]=[[.......... ...... ..... .. ......]].[[screenshot_plugin.share_twitter]]=[[....... .. Twitter]].[[screenshot_plugin.share_facebook]]=[[....... .. Facebook]].[[screenshot_plugin.share_pinterest]]=[[....... .. Pinterest]].[[screenshot_plugin.share]]=[[......... .. ........... .....]]..[[screenshot_plugin.error_capt]]=[[......]]..[[screenshot_plugin.tooltip]]=[[.......... ........]].[[screenshot_plugin.open]]=[[......]].[[screenshot_plugin.upload_failed_retry]]=[[............. .. .... ........ ....... .. ........?]]..[[screenshot_app.take_screensho
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (922)
                                                            Category:dropped
                                                            Size (bytes):11379
                                                            Entropy (8bit):5.149530343017641
                                                            Encrypted:false
                                                            SSDEEP:192:AyTbrYFD5R8pz0o/N8/71xMjuvMgyHZLTGKIJl:RrYFeQoODyiM/HZfvIn
                                                            MD5:A6A1B66FA9E552BF131CF58D1EC6D5E9
                                                            SHA1:F2971C40374259A63FDD0BECEF50AF7A2A4F738D
                                                            SHA-256:BDDA3AF25EE6A69886A3F6C83BBED160928A762EA3E4185F31EFC46FCF64D8F7
                                                            SHA-512:66D646C405EC4CF49753B0A6953B069565405A594BF0B21D00B85CE97081C7DE107F85760CC7F187BA90416978F7746C2BA75F63E6AD9B992B6764D2A862CA1E
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Kaydet]].[[screenshot_plugin.copy]]=[[Kopyala]].[[screenshot_plugin.print]]=[[Yazd.r]].[[screenshot_plugin.fullscreen]]=[[T.m ekran. se.]].[[screenshot_plugin.clear]]=[[Se.imi Temizle]].[[screenshot_plugin.cancel]]=[[.ptal]].[[screenshot_plugin.editonline]]=[[Ekran G.r.nt.s.n. .evrimi.i d.zenle]].[[screenshot_plugin.upload]]=[[Prntscr.com'a y.kle]].[[screenshot_plugin.close]]=[[Kapat]]..[[screenshot_plugin.share_googlesearch]]=[[Google'da benzer g.rselleri ara]].[[screenshot_plugin.share_tineyesearch]]=[[Tineye'de benzer g.rselleri ara]].[[screenshot_plugin.share_sendmail]]=[[E-posta ile g.nder]].[[screenshot_plugin.share_twitter]]=[[Twitter'da payla.]].[[screenshot_plugin.share_facebook]]=[[Facebook'da payla.]].[[screenshot_plugin.share_vk]]=[[VK'da payla.]].[[screenshot_plugin.share_pinterest]]=[[Pinterest'de payla.]].[[screenshot_plugin.share]]=[[Sosyal a.larda payla.]]..[[screenshot_plugin.incorrect_size]]=[[Hatal. Boyut]].[[
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (610)
                                                            Category:dropped
                                                            Size (bytes):11008
                                                            Entropy (8bit):5.216434895376966
                                                            Encrypted:false
                                                            SSDEEP:192:7M3NbTZbVQiK9by4eFA6QOVG94YG9m/xFRcVWd:w9ZbVbK9by4EA6Qt479MxFRn
                                                            MD5:CD83A38536EF1AC82033C88B40C1C299
                                                            SHA1:39946888C6DBDD2327AEB9B3F323C85B80D01B15
                                                            SHA-256:1671AE6D38467FE894E2190AC4E03ECF443BCDB535348B4E3B861BC8BB030C58
                                                            SHA-512:FA71259F29AD9C7D5ADF37ADF971F9465551E23F2AA565AD8AE8700A9F093A290D182A36264206056538BF3DA5A47A962B86F6BF83D2F3942C800010B7FC41CF
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[...]].[[screenshot_plugin.copy]]=[[...]].[[screenshot_plugin.print]]=[[.....]].[[screenshot_plugin.fullscreen]]=[[..... ...... .....]].[[screenshot_plugin.clear]]=[[..... ........]].[[screenshot_plugin.cancel]]=[[.....]].[[screenshot_plugin.editonline]]=[[..... ...... .. ......]].[[screenshot_plugin.upload]]=[[... ...... ... Prntscr.com]].[[screenshot_plugin.close]]=[[.....]]..[[screenshot_plugin.share_googlesearch]]=[[..... .. .... ..... .. ....]].[[screenshot_plugin.share_tineyesearch]]=[[..... .. .... ...... .. Tineye]].[[screenshot_plugin.share_sendmail]]=[[..... ... .......]].[[screenshot_plugin.share_twitter]]=[[... ... .....]].[[screenshot_plugin.share_facebook]]=[[...... ... ........]].[[screenshot_plugin.share_vk]]=[[........ ... VK]].[[screenshot_plugin.share_pinterest]]=
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1126)
                                                            Category:dropped
                                                            Size (bytes):16679
                                                            Entropy (8bit):5.169336661683813
                                                            Encrypted:false
                                                            SSDEEP:192:qfaE+2XPhY8md/HDKJcDvvLtvJ08sU7EhdopOrjYfq1JFuDzaomZK:qf0hKSjvL3sabgrjYfq1JFuDzbN
                                                            MD5:25CC5EB2A8E15D7903A31C83B0DB5096
                                                            SHA1:2ED5CFCBD5A2D96B308A75CEF705218E842A04F0
                                                            SHA-256:F4E2936E6CC32D0E41BF4A4FDA14623FB7665B5A8BCFC14D8595F0119359B05E
                                                            SHA-512:F5A0C91972F9C5650927A4DF82EA88D370206E55E0C57D54753781C012C714C19A87CDF1049BE017E68A7D4B07205E3065FE4AC27E04931E05BEE50397EC5A46
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..........]].[[screenshot_plugin.copy]]=[[.........]].[[screenshot_plugin.print]]=[[........]].[[screenshot_plugin.fullscreen]]=[[....... ....... ......]].[[screenshot_plugin.clear]]=[[........ ........]].[[screenshot_plugin.cancel]]=[[.....]].[[screenshot_plugin.editonline]]=[[........... .... ............ online]].[[screenshot_plugin.upload]]=[[........... ... prntscr.com]].[[screenshot_plugin.close]]=[[........]]..[[screenshot_plugin.share_googlesearch]]=[[......... ......... ....... ... Google]].[[screenshot_plugin.share_tineyesearch]]=[[......... ......... ....... ... Tineye]].[[screenshot_plugin.share_sendmail]]=[[........ .... email]].[[screenshot_plugin.share_twitter]]=[[........... .. ... Twitter]].[[screenshot_plugin.share_facebook]]=[[......
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (651)
                                                            Category:dropped
                                                            Size (bytes):6945
                                                            Entropy (8bit):4.814228636128868
                                                            Encrypted:false
                                                            SSDEEP:96:NJ/zX4HGGRXVyr1IOECj8XOBnNYoBnNwHDoD0XoJhdkHiG4I5wYhBSK:NJaGGc1WOgo4HMtJhdkhxwYDj
                                                            MD5:C5D8FB04C0A7BE0D53FD031090BC36F8
                                                            SHA1:7738786D699380CFD5A13940C65EA86DBB1979EF
                                                            SHA-256:4357C2DD05BB87E381E07681B9E8D17FE5953997CCEF1045DC004A93B791F159
                                                            SHA-512:2D58FAA2C557B631AF7FF1022B1E8E77B6972D7405F748A706BE823C45B95165FE9B00087F49A7AEAB73420AE25AB96608869F23F7C8049BE5E0D07F9D7FBDA5
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Guardar]].[[screenshot_plugin.copy]]=[[Copiar]].[[screenshot_plugin.print]]=[[Imprimir]].[[screenshot_plugin.fullscreen]]=[[Selecionar tela inteira]].[[screenshot_plugin.clear]]=[[Limpar sele..o]].[[screenshot_plugin.cancel]]=[[Cancelar]].[[screenshot_plugin.editonline]]=[[Editar captura de ecr. online]].[[screenshot_plugin.upload]]=[[Enviar para prntscr.com]].[[screenshot_plugin.close]]=[[Fechar]]..[[screenshot_plugin.share_googlesearch]]=[[Pesquisar imagens semelhantes no Google]].[[screenshot_plugin.share_tineyesearch]]=[[Pesquisar imagens semelhantes no Tineye]].[[screenshot_plugin.share_sendmail]]=[[Enviar por email]].[[screenshot_plugin.share_twitter]]=[[Partilhar no Twitter]].[[screenshot_plugin.share_facebook]]=[[Partilhar no Facebook]].[[screenshot_plugin.share_vk]]=[[Partilhar no VK]].[[screenshot_plugin.share_pinterest]]=[[Partilhar no Pinterest]].[[screenshot_plugin.share]]=[[Partilhar nas redes sociais]]..[[screenshot_plugin.incorrect_siz
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1059)
                                                            Category:dropped
                                                            Size (bytes):11416
                                                            Entropy (8bit):4.851928229994875
                                                            Encrypted:false
                                                            SSDEEP:192:Z2vutYYceg7EJNgSPPgLJs5sMTsBJhlpXR/QOQ2EwolUwEsYK:Z2UYYcv7MgSPPgL9QyZR/QOLENUwEsYK
                                                            MD5:C7532FCF181919333E0A247E447CF56E
                                                            SHA1:CF1ADF1C620BA5AEF0F26066964E9D2447EA9211
                                                            SHA-256:037F23F925BA25D30D221D0FB36FE9925DBEA3079A4AAFEDC13ECC9A8D306F40
                                                            SHA-512:A95FF21659E6F68A49B011AB47BF4C24990F1318CD0CD9661AC6A55C7B0A178EAD9D533C81D5B916C12C4A5ED7AF9013DA739FA33F463807634A6D43497A3F49
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Guardar]].[[screenshot_plugin.copy]]=[[Copiar]].[[screenshot_plugin.print]]=[[Imprimir]].[[screenshot_plugin.fullscreen]]=[[Seleccionar pantalla completa]].[[screenshot_plugin.clear]]=[[Borrar selecci.n]].[[screenshot_plugin.cancel]]=[[Cancelar]].[[screenshot_plugin.editonline]]=[[Editar una captura de pantalla en l.nea]].[[screenshot_plugin.upload]]=[[Subir a prntscr.com]].[[screenshot_plugin.close]]=[[Cerrar]]..[[screenshot_plugin.share_googlesearch]]=[[Buscar im.genes similares en Google]].[[screenshot_plugin.share_tineyesearch]]=[[Buscar im.genes similares en Tineye]].[[screenshot_plugin.share_sendmail]]=[[Send via email]].[[screenshot_plugin.share_twitter]]=[[Compartir en Twitter]].[[screenshot_plugin.share_facebook]]=[[Compartir en Facebook]].[[screenshot_plugin.share_vk]]=[[Compartir en VK]].[[screenshot_plugin.share_pinterest]]=[[Compartir en Pinterest]].[[screenshot_plugin.share]]=[[Compartir en redes sociales]]..[[screenshot_plugin.incorrec
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (984)
                                                            Category:dropped
                                                            Size (bytes):10821
                                                            Entropy (8bit):4.994608224609736
                                                            Encrypted:false
                                                            SSDEEP:192:vDwRfRSjHqgB0esAvlJz6FVeYZxUb/kEAemIhk5INW:vmsN0esAd16iYHS/s1
                                                            MD5:6F6D725EF25A08411050A1B8B64971ED
                                                            SHA1:8931A4ADCC03DA6E792B27AE75D5A6B7F800628B
                                                            SHA-256:2C54125C6083783887B438DC2B503DE6C3396819EDF0A553446117E2D61E7316
                                                            SHA-512:20463FF7432B510BA1383342690E321607559F7D5C564E32FC4BD3F902BC6A4BE299F8FE21673FA99BA7F6C7B6FB9F31EA3355B7643EA8E4E5F0449448C801BE
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Snimi]].[[screenshot_plugin.copy]]=[[Kopiraj]].[[screenshot_plugin.print]]=[[Od.tampaj]].[[screenshot_plugin.fullscreen]]=[[Izaberi ceo ekran]].[[screenshot_plugin.clear]]=[[Obri.i selektovano]].[[screenshot_plugin.cancel]]=[[Otka.i]].[[screenshot_plugin.editonline]]=[[Izmeni sliku onlajn]].[[screenshot_plugin.upload]]=[[Otpremi na prntscr.com]].[[screenshot_plugin.close]]=[[Zatvori]]..[[screenshot_plugin.share_googlesearch]]=[[Pretra.i sli.ne fotografije na Google]].[[screenshot_plugin.share_tineyesearch]]=[[Pretra.i sli.ne fotografije na Tineye]].[[screenshot_plugin.share_sendmail]]=[[Po.alji elektronskom po.tom]].[[screenshot_plugin.share_twitter]]=[[Podeli na Twitter]].[[screenshot_plugin.share_facebook]]=[[Podeli na Facebook]].[[screenshot_plugin.share_vk]]=[[Deli na VK]].[[screenshot_plugin.share_pinterest]]=[[Deli na Pinterestu]].[[screenshot_plugin.share]]=[[Deli na socijalnim mre.ama]]..[[screenshot_plugin.incorrect_size]]=[[Pogre.na
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1017)
                                                            Category:dropped
                                                            Size (bytes):11222
                                                            Entropy (8bit):5.219145596006698
                                                            Encrypted:false
                                                            SSDEEP:192:xWe5DsmcCixfhbBqJJzgncA2/ERbHsALb2kzIZGx:cVm7iRhb8NtA2/ENHjSkzIZy
                                                            MD5:B69442C812103E4D0679A07D0EEC0AF8
                                                            SHA1:9EA6A3F20A49EF7B10895622B71E8F346216A370
                                                            SHA-256:EDA81D8D1BF445FEAC5AF9A7B2F6FF10F39C57449FB5FE202D2662B596DD2AA6
                                                            SHA-512:BC15A2A46FA508E99951C66CA66911727441F5FD98478B6630B3BDB6A3DAF42E6F7B9030B2B5FBC161391F9D28F748A210E6C5E4992F18E5914258EE1F5865A0
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Ulo.it]].[[screenshot_plugin.copy]]=[[Kop.rovat]].[[screenshot_plugin.print]]=[[Vytisknout]].[[screenshot_plugin.fullscreen]]=[[Vybrat celou obrazovku]].[[screenshot_plugin.clear]]=[[Odstranit v.b.r]].[[screenshot_plugin.cancel]]=[[Zru.it]].[[screenshot_plugin.editonline]]=[[Editovat sn.mek online]].[[screenshot_plugin.upload]]=[[Nahr.t na prntscr.com]].[[screenshot_plugin.close]]=[[Zav..t]]..[[screenshot_plugin.share_googlesearch]]=[[Vyhledat podobn. obr.zky na Googlu]].[[screenshot_plugin.share_tineyesearch]]=[[Vyhledat podobn. obr.zky na Tineye]].[[screenshot_plugin.share_sendmail]]=[[Poslat p.es email]].[[screenshot_plugin.share_twitter]]=[[Sd.let na Twitteru]].[[screenshot_plugin.share_facebook]]=[[Sd.let na Facebooku]].[[screenshot_plugin.share_vk]]=[[Sd.let na VK]].[[screenshot_plugin.share_pinterest]]=[[Sd.let na Pinterestu]].[[screenshot_plugin.share]]=[[Sd.let na soci.ln.ch s.t.ch]]..[[screenshot_plugin.incorrect_size]]=[
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (964)
                                                            Category:dropped
                                                            Size (bytes):19027
                                                            Entropy (8bit):4.732656173496707
                                                            Encrypted:false
                                                            SSDEEP:192:ymv+jGFpi96ZkSaMSbZU+kBMMqJxb5t00Ue7g0acUzSq:bvyGF8cZkSaM2ZGMM2xb5t0VYg0acUOq
                                                            MD5:BCB08DB5044B9ECD6FDD972342919E64
                                                            SHA1:225C6464CA0FE7CF5BEF790ABD7DBFEF7232890B
                                                            SHA-256:6AB63FBA0DEDFEAD6B75105378015DDC38F4C72007A1D2D4DB8BAEE9FE3CD93D
                                                            SHA-512:0290B6584C3DA452A7CA5EA654CF1B9834BA3409EF093470881CF9AE2C833E6BADDC462FB59D0B534FFFA6ED08199C1A8FE73FA6B706CFCF892E7D9BDFDE5E35
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[... ....]].[[screenshot_plugin.copy]]=[[... ....]].[[screenshot_plugin.print]]=[[....... ....]].[[screenshot_plugin.fullscreen]]=[[........ ....... ....... ....]].[[screenshot_plugin.clear]]=[[....... ..... ....]].[[screenshot_plugin.cancel]]=[[..... ....]].[[screenshot_plugin.editonline]]=[[....... .... ......... .... ....]].[[screenshot_plugin.upload]]=[[Prntscr.com . ..... ....]].[[screenshot_plugin.close]]=[[.... ....]]..[[screenshot_plugin.share_googlesearch]]=[[..... ... ..... ... ......]].[[screenshot_plugin.share_tineyesearch]]=[[Tineye .. ...... ... ......]].[[screenshot_plugin.share_sendmail]]=[[...... .....
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (958)
                                                            Category:dropped
                                                            Size (bytes):11265
                                                            Entropy (8bit):5.379695241539821
                                                            Encrypted:false
                                                            SSDEEP:192:SE5vQkbk3X9ipa+ZDjM/vwr7b9a6vZOQjdFE+dXvEVsIqLXRNe8S2TmorJi:/vNp3pM/v6kQjVnLhNeF2T5rk
                                                            MD5:9EF4A08C21E1448BED2D3DCF8AE3B922
                                                            SHA1:F2209C45F7DCA7BC1FA60E454E9C8C52AB570DFA
                                                            SHA-256:9C1DEFA92587EC92A09B098745ECCAA5B8F7197FA154A41A74C663F62C532C21
                                                            SHA-512:45F03E9A8CCB794D0EA8264EAAA3237E1FA37A086EB23BD2214EE6EB22E948A3A4706031CE3F9E6A1508F45C05C327A9A610D1748901899FB44FCC62B1EA0980
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..... ....]].[[screenshot_plugin.copy]]=[[... ....]].[[screenshot_plugin.print]]=[[.... ....]].[[screenshot_plugin.fullscreen]]=[[.... .... .... .. ...... ....]].[[screenshot_plugin.clear]]=[[...... ..... ....]].[[screenshot_plugin.cancel]]=[[..... ....]].[[screenshot_plugin.editonline]]=[[.... .... ... ... ..... ....]].[[screenshot_plugin.upload]]=[[.. ..... .... prntscr.com]].[[screenshot_plugin.close]]=[[... ....]]..[[screenshot_plugin.share_googlesearch]]=[[.... .. .... .... ...... .. .... ....]].[[screenshot_plugin.share_tineyesearch]]=[[.. .... .... ...... .. .... .... Tineye]].[[screenshot_plugin.share_sendmail]]=[[...... .. ... ..... ....]].[[screenshot_plugin.share_twitter]]=[[..... .. ..... ....]].[[screenshot_plugin.share_facebook]]=[[...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1086)
                                                            Category:dropped
                                                            Size (bytes):11509
                                                            Entropy (8bit):5.18057505039434
                                                            Encrypted:false
                                                            SSDEEP:192:Lvds3tZ9zOx4vWeW8AcpmJvh10ootkptXdVdA7qI/g1:6Fm4vWeW8EBykpttVdIQ
                                                            MD5:1CCB1D13BEF7FE4BCBDE7E8ADF3C7F51
                                                            SHA1:F1CBF6569C36AAF6226C18AFF56EA19720F2D513
                                                            SHA-256:E272C3467A7CAFF058318DD4774D627F9A66B6AFFAB1681388DEB828352A7B7B
                                                            SHA-512:909936FB6FE2E20A95A016CED8B0A6576A6DE1BCA208E8AE8E000B41322FC9D4713687E0128A4A1008BC838D13E7DE71E8EB2D1CD3B59475060FDA6043946FE9
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Ulo.i.]].[[screenshot_plugin.copy]]=[[Kop.rova.]].[[screenshot_plugin.print]]=[[Vytla.i.]].[[screenshot_plugin.fullscreen]]=[[Ozna.i. cel. obrazovku]].[[screenshot_plugin.clear]]=[[Zru.i. ozna.enie]].[[screenshot_plugin.cancel]]=[[Zru.i.]].[[screenshot_plugin.editonline]]=[[Upravi. screenshot online]].[[screenshot_plugin.upload]]=[[Nahra. do prntscr.com]].[[screenshot_plugin.close]]=[[Zatvori.]]..[[screenshot_plugin.share_googlesearch]]=[[H.ada. podobn. obr.zky na Googli]].[[screenshot_plugin.share_tineyesearch]]=[[H.ada. podobn. obr.zky na Tineye]].[[screenshot_plugin.share_sendmail]]=[[Posla. pomocou emailu]].[[screenshot_plugin.share_twitter]]=[[Zdie.a. na Twittri]].[[screenshot_plugin.share_facebook]]=[[Zdie.a. na Facebooku]].[[screenshot_plugin.share_vk]]=[[Zdie.a. na VK]].[[screenshot_plugin.share_pinterest]]=[[Zdie.a. na Pinterest]].[[screenshot_plugin.share]]=[[Zdie.a. na soci.lnych sie.ach]]..[[screenshot_pl
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1121)
                                                            Category:dropped
                                                            Size (bytes):11553
                                                            Entropy (8bit):4.986278108970552
                                                            Encrypted:false
                                                            SSDEEP:192:Z0yXXggtZt2AkOqhaJkesqIM4qLDVdlHiCNHt8e/wrZhcurGw:iyXlEa2eH1lCCNHtVsrcLw
                                                            MD5:C472AAE2B0373E15A29D72B3CF5E0E3D
                                                            SHA1:D8D0F01FBD6C0EBD69E68951E846915268B199E9
                                                            SHA-256:DCBE37332E05768D3A3F9E46686F4BEF18A4B9F4622BA9BC9F2BF0451092419B
                                                            SHA-512:A4EF6FC6D6A67A52E45EA7172E8CF0292B9EB803B2205231ACE4E2850E7E1CDF83659216D4750DD9DDB6FB0AA63FC6A5F9D55A6192E1D8E0176729A840DADA32
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Ruaj]].[[screenshot_plugin.copy]]=[[Kopjo]].[[screenshot_plugin.print]]=[[Printoje]].[[screenshot_plugin.fullscreen]]=[[Selektoni ekran t. plot.]].[[screenshot_plugin.clear]]=[[Pastro selektimin]].[[screenshot_plugin.cancel]]=[[Anulo]].[[screenshot_plugin.editonline]]=[[Redaktoni nj. prerje n. Internet]].[[screenshot_plugin.upload]]=[[Ngarko te prntscr.com]].[[screenshot_plugin.close]]=[[Mbylle]]..[[screenshot_plugin.share_googlesearch]]=[[K.rko imazhe t. ngjash.m n. Google]].[[screenshot_plugin.share_tineyesearch]]=[[K.rko Imazhe t. ngjashme n. Tineye]].[[screenshot_plugin.share_sendmail]]=[[D.rgo me Email]].[[screenshot_plugin.share_twitter]]=[[Shp.rndaje n. Twitter]].[[screenshot_plugin.share_facebook]]=[[Shp.rndaje n. Facebook]].[[screenshot_plugin.share_vk]]=[[Shp.rndaje n. VK]].[[screenshot_plugin.share_pinterest]]=[[Shp.rndaje n. Pinterest]].[[screenshot_plugin.share]]=[[Shp.rndaje n. Rrjetet Sociale]]..[[screenshot_plugin.in
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):10491
                                                            Entropy (8bit):5.221991886945581
                                                            Encrypted:false
                                                            SSDEEP:192:NsjQz5zHyfBbXLml6M3isxynpphK0gmPq48YI9xXtqV81GlW:mslYp8pdqVkUW
                                                            MD5:A91D80CB2770EA0BD50DB9690FC5D6DF
                                                            SHA1:762226BD50FB39C7AFA9AC6B55688D48376D1E25
                                                            SHA-256:D8EDEC9A317E7722D304486657AE047B1627CD3FE80F2EEBC6BDA88D8323673E
                                                            SHA-512:3950B544A83FBB12003D622B60D96ABE104CE5B2A60E33C3C7474F256AD35902C26B79C10346F69C5F0E01209F2DB01C3B9CB842768243B9C00D83591B41D076
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.....]].[[screenshot_plugin.copy]]=[[...]].[[screenshot_plugin.print]]=[[.....]].[[screenshot_plugin.fullscreen]]=[[..... .... ....]].[[screenshot_plugin.clear]]=[[... .... ......]].[[screenshot_plugin.cancel]]=[[... ....]].[[screenshot_plugin.editonline]]=[[...... ...... ....... ...]].[[screenshot_plugin.upload]]=[[........ .. prntscr.com]].[[screenshot_plugin.close]]=[[....]]..[[screenshot_plugin.share_googlesearch]]=[[...... ...... ..... .. ....]].[[screenshot_plugin.share_tineyesearch]]=[[...... ...... ..... .. Tineye]].[[screenshot_plugin.share_sendmail]]=[[..... .. .....]].[[screenshot_plugin.share_twitter]]=[[...... ..... .. ......]].[[screenshot_plugin.share_facebook]]=[[...... ..... .. ......]].[[screenshot_plugin.share_vk]]=[[...... ..... .. VK]].[[screenshot_p
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):5991
                                                            Entropy (8bit):5.132534694916237
                                                            Encrypted:false
                                                            SSDEEP:96:eJScXTmxKGH+EOs69U8sh6wx3KRKSPRoEo2foFTNMwx3KRNjo1fEAjrxWyyH0nTw:0RD/sh6h9RbhQEJd
                                                            MD5:B59655503491EDE3F4E384D1CD1D4B92
                                                            SHA1:B7C97861BE859DD9B5CD4B5B6417E74072EB6389
                                                            SHA-256:5668F40DE78CFAC84078449DE88F628C49C126C43E14EB9E4F10A2CA689BDF85
                                                            SHA-512:423A6F639AE3071F436EB31C684196C620C88FCFFAEB2C1326E6974545BE2DEDB040167828E1527D1EEB268013EDFFED867E8655A25783CAFE4254031D7375D4
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.......]].[[screenshot_plugin.fullscreen]]=[[....... ..... ..... ......]].[[screenshot_plugin.editonline]]=[[...... ..... ......]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_twitter]]=[[...... .. .......]].[[screenshot_plugin.share_facebook]]=[[...... .. ........]].[[screenshot_plugin.share_pinterest]]=[[...... .. ..........]].[[screenshot_plugin.share]]=[[...... .. .......... .......]]..[[screenshot_plugin.error_capt]]=[[......]]..[[screenshot_plugin.tooltip]]=[[...... ........]].[[screenshot_plugin.upload_failed_retry]]=[[..... .......... ...... ......?]]..[[screenshot_app.help]]=[[.....]].[[screenshot_app.exit]]=[[.....]].[[screenshot_app.copyright]]=[[%company% ... ..... .........]]..[[screenshotplugin_name]]=[[Lightshot (....
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):7426
                                                            Entropy (8bit):4.869278439819597
                                                            Encrypted:false
                                                            SSDEEP:96:VbHZ0uGuyz76LcGO1MHwaYNfYNcYZvyi4E8JRRsBsN6GbTMhzT3ocCBQMl:VbfyCLCaQIwFJjN6mTMhIcCqMl
                                                            MD5:8990E3DC38D9E65460480F257204E37D
                                                            SHA1:566FB8314D0385A66071D8BCC4DE5307699E88C4
                                                            SHA-256:46330DDC3BCA222A6BEEC79291C5CC09FF59FE7AF2613059D935ED88C92861FC
                                                            SHA-512:005EF52768441CAD3AC3C7FFAA0227E16C3FD602109EA9A4D1C74284625D9DD86C4BF88179E3E1FE73D3830BD59D58D8378C13D99D49D17E4196EBAA4ABB8129
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Shrani]].[[screenshot_plugin.copy]]=[[Kopiraj]].[[screenshot_plugin.print]]=[[Tiskaj]].[[screenshot_plugin.fullscreen]]=[[Izberi celoten zaslon]].[[screenshot_plugin.clear]]=[[Po.isti selekcijo]].[[screenshot_plugin.cancel]]=[[Prekli.i]].[[screenshot_plugin.editonline]]=[[Uredite posnetek zaslona na spletu]].[[screenshot_plugin.upload]]=[[Nalo.i na prntscr.com]].[[screenshot_plugin.close]]=[[Zapri]]..[[screenshot_plugin.share_googlesearch]]=[[I..i podobne slike na Google-u]].[[screenshot_plugin.share_tineyesearch]]=[[I..i podobne slike na Tineye]].[[screenshot_plugin.share_sendmail]]=[[Po.lji preko elektronske po.te]].[[screenshot_plugin.share_twitter]]=[[Deli na Twitter-ju]].[[screenshot_plugin.share_facebook]]=[[Deli na Facebook-u]].[[screenshot_plugin.share_vk]]=[[Deli na VK]].[[screenshot_plugin.share_pinterest]]=[[Deli na Pinterest]].[[screenshot_plugin.share]]=[[Deli na dru.benih omre.jih]]..[[screenshot_plugin.incorrect_size]]=[[Napa.n
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1094)
                                                            Category:dropped
                                                            Size (bytes):11567
                                                            Entropy (8bit):4.848204007772776
                                                            Encrypted:false
                                                            SSDEEP:192:5ZzCVYfObAtzv/ujSDe6Em5s5tfVuUwZ1wMzzklzNVLLwN2:5EyOUtje6EmK5twRW2wlpVI2
                                                            MD5:1DBF0C68099CDAA5F8800DC14AA2F5B0
                                                            SHA1:F43D913B1FA098F89B28756CEC754022AFE62C3C
                                                            SHA-256:B82B3A16C09AB2E1340C1D42F22146B30B7445CE1652D2114412F7A1AF6AECEF
                                                            SHA-512:89AD7CDC635D128A22081100E1DA0A2ED89B90582B856172DE2E2901DDDFA09A21E1E27A4139C68096160B836FFC37E1C7AF0DE81232A624B683DF4FCD49F9F3
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Opslaan]].[[screenshot_plugin.copy]]=[[Kopi.ren]].[[screenshot_plugin.print]]=[[Afdrukken]].[[screenshot_plugin.fullscreen]]=[[Het volledige scherm kiezen]].[[screenshot_plugin.clear]]=[[Keuze wissen]].[[screenshot_plugin.cancel]]=[[Afbreken]].[[screenshot_plugin.editonline]]=[[Een afbeelding op het web bewerken]].[[screenshot_plugin.upload]]=[[Naar prntscr.com versturen]].[[screenshot_plugin.close]]=[[Afsluiten]]..[[screenshot_plugin.share_googlesearch]]=[[Soortgelijke afbeeldingen op Google zoeken]].[[screenshot_plugin.share_tineyesearch]]=[[Soortgelijke afbeeldingen op Tineye zoeken]].[[screenshot_plugin.share_sendmail]]=[[Via de e-post versturen]].[[screenshot_plugin.share_twitter]]=[[Via Twitter delen]].[[screenshot_plugin.share_facebook]]=[[Via Facebook delen]].[[screenshot_plugin.share_vk]]=[[Via VK delen]].[[screenshot_plugin.share_pinterest]]=[[Via Pinterest delen]].[[screenshot_plugin.share]]=[[Op maatschappelijke netwerken delen]]..[[screensh
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (972)
                                                            Category:dropped
                                                            Size (bytes):10728
                                                            Entropy (8bit):5.002922909528201
                                                            Encrypted:false
                                                            SSDEEP:192:bhiGeQB+hn6Q6ZyUHL+Je2BPHibk8IpM/4ACNM0SwKiKeT:diGeQBIiLr+Vibk7Q4vuOT
                                                            MD5:E53D7FDAE82FE462BD51C0B1AE52CFD7
                                                            SHA1:A502CA692306A1B5F4A3105271DDAF759BF4CFBA
                                                            SHA-256:861AD3BA1045D7BCFDC455226F13C43DC07808F4286850ED3F2C1875CE202790
                                                            SHA-512:D5C9183C4E73F0C62E74E1F3425D962AB194EC570EB15F28564EEF193E3305CC94CAEB488682865753A07995F12FC8C8571D3E4EE16566F32526C8D83DCCFAB9
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Spremi]].[[screenshot_plugin.copy]]=[[Kopiraj]].[[screenshot_plugin.print]]=[[Printaj]].[[screenshot_plugin.fullscreen]]=[[Odaberi cijeli ekran]].[[screenshot_plugin.clear]]=[[Ukloni selekciju]].[[screenshot_plugin.cancel]]=[[Otkazati]].[[screenshot_plugin.editonline]]=[[Uredi screenshot online]].[[screenshot_plugin.upload]]=[[Uploaduj na prntscr.com]].[[screenshot_plugin.close]]=[[Zatvori]]..[[screenshot_plugin.share_googlesearch]]=[[Prona.i sli.ne slike na Google-u]].[[screenshot_plugin.share_tineyesearch]]=[[Prona.i sli.ne slike na Tineye-u]].[[screenshot_plugin.share_sendmail]]=[[Po.alji pute mail-a]].[[screenshot_plugin.share_twitter]]=[[Podijeli na Twitter]].[[screenshot_plugin.share_facebook]]=[[Podijeli na Facebook]].[[screenshot_plugin.share_vk]]=[[Podijeli na VK]].[[screenshot_plugin.share_pinterest]]=[[Podijeli na Pinterest]].[[screenshot_plugin.share]]=[[Podijeli na Socijalne Mre.e]]..[[screenshot_plugin.incorrect_size]]=[[Pogre.na vel
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (321)
                                                            Category:dropped
                                                            Size (bytes):14334
                                                            Entropy (8bit):4.609688160373262
                                                            Encrypted:false
                                                            SSDEEP:384:aUcWmY/kAospx5Clx5rcIyqQY4ej0FKwF7uiQ+LY9q:NHus
                                                            MD5:4D839F6C4DB8B58158BA136BBE209E50
                                                            SHA1:BA84439054819925F1FCC8118536B12F67A4262B
                                                            SHA-256:8844248F8E3446BB01581C801275E060C0E8171B150C84A2552D26ECCC1349D5
                                                            SHA-512:7EC12E55AAD2EF65F57B08F53FD392E5D2278402FDFB1F6BB6E22A4212D40F7300FBACD269F57D29BC24443CD7643969DA85013375613CB0407C597726AFEF5F
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.......]].[[screenshot_plugin.copy]]=[[........]].[[screenshot_plugin.print]]=[[........]].[[screenshot_plugin.fullscreen]]=[[..... ....... ......]].[[screenshot_plugin.clear]]=[[...........]].[[screenshot_plugin.cancel]]=[[........]].[[screenshot_plugin.editonline]]=[[......... ...... ........]].[[screenshot_plugin.upload]]=[[........ prntscr.com-..]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_googlesearch]]=[[....... ....... ....... Google-..]].[[screenshot_plugin.share_tineyesearch]]=[[....... ....... ....... Tineye-..]].[[screenshot_plugin.share_sendmail]]=[[...... ........ ..-.......]].[[screen
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1201)
                                                            Category:dropped
                                                            Size (bytes):15600
                                                            Entropy (8bit):5.1688353887279685
                                                            Encrypted:false
                                                            SSDEEP:192:i/W1SS0iUUoxQvheweKapAccse6c8VWbsFVG9i7WCatOV3+QVguVNo5EPrR9:vYBSvIVJpAT6crbpU6zG+Co+jb
                                                            MD5:45BF9B5D594B33A064AE4C04C4C3C96A
                                                            SHA1:5FFB92F13CA6B7F61CAD36839EBBA97A4BE67925
                                                            SHA-256:71FBFCC0E199ED012DECF96CE7671CF9A5D4B72F765281A1A66545DDBF025209
                                                            SHA-512:9C2E89B26AE36DFF4A182AF0C826DE08A46AD0F36FB59C665F247E0EAE5642882018FB946C11D5CEB2B6EFBB75FB7E6914A2AEF387B1DC8ED9AAC26E56A574F5
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.........]].[[screenshot_plugin.copy]]=[[..........]].[[screenshot_plugin.print]]=[[......]].[[screenshot_plugin.fullscreen]]=[[........ .... .....]].[[screenshot_plugin.clear]]=[[........]].[[screenshot_plugin.cancel]]=[[........]].[[screenshot_plugin.editonline]]=[[.............]].[[screenshot_plugin.upload]]=[[......... .. prntscr.com]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_googlesearch]]=[[...... ....... ........... .. Google]].[[screenshot_plugin.share_tineyesearch]]=[[...... ....... ........... .. Tineye]].[[screenshot_plugin.share_sendmail]]=[[......... .. email]].[[screenshot_plugin.share_twitter]]=[[.......... . Twitter]].[[screenshot_plugin.share_facebook]]=[[.......... .. Facebook]].[[screenshot_plugin.share_vk]]=[[.......... ....
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1243)
                                                            Category:dropped
                                                            Size (bytes):11981
                                                            Entropy (8bit):4.93189390113932
                                                            Encrypted:false
                                                            SSDEEP:192:uARZ7EKUbDhTJiS9Ckyp9WHl8DaWtuz+rTuIz9m:uARGKIDhT7CNgHl8DayrTFm
                                                            MD5:61C9C831A6C90D4C7E34DE114CF01AD2
                                                            SHA1:FE1456F52D3731F844F890ABCD42F03011AB27CC
                                                            SHA-256:86FAFD94CF0E4D7AC3C7C510E60364690286F43E8A6E051A72DC5CD845FBA47F
                                                            SHA-512:007DADBDBB22375EA2287DEDFFF5B66D51BAAE570113089821BA9A78CEC740BB1813336BB3B2D6611E4B0F7BE5CEA4ACDFF6F463205FBA241148B06CBD0A3BDD
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Sauvegarder]].[[screenshot_plugin.copy]]=[[Copier]].[[screenshot_plugin.print]]=[[Imprimer]].[[screenshot_plugin.fullscreen]]=[[S.lectionner tout l..cran]].[[screenshot_plugin.clear]]=[[Effacer la s.lection]].[[screenshot_plugin.cancel]]=[[Annuler]].[[screenshot_plugin.editonline]]=[[Modifier la capture d..cran en ligne]].[[screenshot_plugin.upload]]=[[Publier sur prntscr.com]].[[screenshot_plugin.close]]=[[Fermer]]..[[screenshot_plugin.share_googlesearch]]=[[Rechercher des images similaires sur Google]].[[screenshot_plugin.share_tineyesearch]]=[[Rechercher des images similaires sur Tineye]].[[screenshot_plugin.share_sendmail]]=[[Envoyer par courriel]].[[screenshot_plugin.share_twitter]]=[[Partager sur Twitter]].[[screenshot_plugin.share_facebook]]=[[Partager sur Facebook]].[[screenshot_plugin.share_vk]]=[[Partager sur VK]].[[screenshot_plugin.share_pinterest]]=[[Partager sur Pinterest]].[[screenshot_plugin.share]]=[[Partager sur les r.seaux soc
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):2571
                                                            Entropy (8bit):4.694878240736071
                                                            Encrypted:false
                                                            SSDEEP:48:Ys6dy6K/fF4feFlcjMYZ+XNalc+54YOmmJVl1ULw:hf6feFmoYZicWRYOmmJVl1Uk
                                                            MD5:6AF8D75A375BF14CE817227FA848B8C4
                                                            SHA1:54A880E4AB5F10E895D016012B4AD73BB4B7E24E
                                                            SHA-256:6D6897C134235CEB66BE8B9DE9E0C93C1906681B7BD7153169F423CAF66501CE
                                                            SHA-512:EE2A1DF21F530114D0B65A68EC6738B5776BDA3D04447CE3B021F1C374E27B6F389B368C4C9202BCB8E5492B421FE63E4257F20B36670685C8E5B5ED3C5B863C
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Gardar]].[[screenshot_plugin.copy]]=[[Copiar]].[[screenshot_plugin.print]]=[[Imprimir]].[[screenshot_plugin.fullscreen]]=[[Seleccionar pantalla completa]].[[screenshot_plugin.cancel]]=[[Cancelar]].[[screenshot_plugin.close]]=[[Pechar]]..[[screenshot_plugin.share_googlesearch]]=[[Procurar imaxes semellantes no Google]].[[screenshot_plugin.share_sendmail]]=[[Enviar v.a correo electr.nico]].[[screenshot_plugin.share_twitter]]=[[Compartir no Twitter]].[[screenshot_plugin.share_facebook]]=[[Compartir no Facebook]].[[screenshot_plugin.share_pinterest]]=[[Compartir no Pinterest]].[[screenshot_plugin.share]]=[[Compartir nas redes sociais]]..[[screenshot_plugin.error_capt]]=[[Erro]]..[[screenshot_plugin.tooltip]]=[[Seleccionar .rea]].[[screenshot_plugin.open]]=[[Abrir]].[[screenshot_plugin.upload_failed_retry]]=[[Erro ao cargar. Volver tentar?]]..[[screenshot_app.take_screenshot]]=[[Facer unha captura de pantalla]].[[screenshot_app.about]]=[[Acerca de]].[[scre
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (628)
                                                            Category:dropped
                                                            Size (bytes):9937
                                                            Entropy (8bit):6.105361124203797
                                                            Encrypted:false
                                                            SSDEEP:192:4UtpV4BB0ufTy1A+XJRps1w3yUAa5B1Hsn:4UtpVKB0uryJXpI8h4
                                                            MD5:FACF10F05E9598E2F8254CEAE56E3E0C
                                                            SHA1:0D7198F03B9837D98F63F937DD8A16421861DB8A
                                                            SHA-256:8BBEA3318E2843DBFAB7A2BE7E0BC378E5A196720514A45F2EB535FA8FF5CE46
                                                            SHA-512:6DC937ED6209A68CF0039674B0A20975A7CB87035BCCA5301238F99EEF3CE20F965F0B5F78F2BD7538E5BDA6D0C7FBDB2F2B38C23B6E64DAE32D075A3DC49682
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..]].[[screenshot_plugin.copy]]=[[..]].[[screenshot_plugin.print]]=[[..]].[[screenshot_plugin.fullscreen]]=[[.....]].[[screenshot_plugin.clear]]=[[..]].[[screenshot_plugin.cancel]]=[[..]].[[screenshot_plugin.editonline]]=[[......]].[[screenshot_plugin.upload]]=[[... prntscr.com]].[[screenshot_plugin.close]]=[[..]]..[[screenshot_plugin.share_googlesearch]]=[[. Google ......]].[[screenshot_plugin.share_tineyesearch]]=[[. Tineye ......]].[[screenshot_plugin.share_sendmail]]=[[.. email ..]].[[screenshot_plugin.share_twitter]]=[[.. Twitter ..]].[[screenshot_plugin.share_facebook]]=[[.. Facebook ..]].[[screenshot_plugin.share_vk]]=[[.. VK ..]].[[screenshot_plugin.share_pinterest]]=[[. Pinterest ..]].[[screenshot_plugin.share]]=[[..]]..[[screenshot_plugin.incorrect_size]]=[[....]].[[screenshot_plugin.error_capt]]=[[..]]..[[screen
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1109)
                                                            Category:dropped
                                                            Size (bytes):11376
                                                            Entropy (8bit):4.9286221743577405
                                                            Encrypted:false
                                                            SSDEEP:96:ddeqaEqaAjTVMe9eO/WaLEfbf5imm4qb/adJZNklbbGwoF+FYKUxiAqlpld5Es07:dSRh/Em4qbwJTkpbG3F+ox0b0o7E
                                                            MD5:D115749DC09721FA6C20257AFC71A64D
                                                            SHA1:CC741E1AB1BE8A6BC7C42AB265E86857F74894FB
                                                            SHA-256:5742F1EBCE39FBBAB90A6A3581E57B7B6C35D0CD9A2DD23BBA61712533F0C468
                                                            SHA-512:61CEB72D39504FA33780F74C077FDF7CD58128FB75AAFE48262FA4D15FC8E62D5EEA9DAE9C9B9F3A53040F5890DBCB263BB463F4C72712BB288EB5E919A4CA91
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Speichern]].[[screenshot_plugin.copy]]=[[Kopieren]].[[screenshot_plugin.print]]=[[Drucken]].[[screenshot_plugin.fullscreen]]=[[Kompletten Bildschirm ausw.hlen]].[[screenshot_plugin.clear]]=[[Auswahl aufheben]].[[screenshot_plugin.cancel]]=[[Abbrechen]].[[screenshot_plugin.editonline]]=[[Screenshot online bearbeiten]].[[screenshot_plugin.upload]]=[[Hochladen auf prntscr.com]].[[screenshot_plugin.close]]=[[Schlie.en]]..[[screenshot_plugin.share_googlesearch]]=[[Nach .hnlichen Bildern auf Google suchen]].[[screenshot_plugin.share_tineyesearch]]=[[Nach .hnlichen Bildern auf Tineye suchen]].[[screenshot_plugin.share_sendmail]]=[[Per Email verschicken]].[[screenshot_plugin.share_twitter]]=[[Auf Twitter teilen]].[[screenshot_plugin.share_facebook]]=[[Auf Facebook teilen]].[[screenshot_plugin.share_vk]]=[[Auf VK teilen]].[[screenshot_plugin.share_pinterest]]=[[Auf Pinterest teilen]].[[screenshot_plugin.share]]=[[Auf sozialen Netzwerken teilen]]..[[screenshot
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1093)
                                                            Category:dropped
                                                            Size (bytes):11311
                                                            Entropy (8bit):4.823856219956849
                                                            Encrypted:false
                                                            SSDEEP:192:PrUkzzPzXP0KSwiZ/1xoJqFHB9yd58bKDCVnJbn5DLj:P1Xf4/12XVDCVN5Df
                                                            MD5:A3C763A6AB5795AA432071DFF7262D22
                                                            SHA1:2297CE94424FE24144246CB4EEBEAFEC7C6972BA
                                                            SHA-256:E48BBA86D86DD2A2C0D8B789168BF7FA33CCCA80EB90BA2CA1CD1AFEEC70FB36
                                                            SHA-512:26DD8BBAAD6CAECE6AB0A406DF2B608012DD0CD40F24F47D78054C3CD85F75960158D68CE2E1C9AA52C2D0524DDE35A5D2B3AAD24B3ABCBBEC4A20EC8FCECC21
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Salva]].[[screenshot_plugin.copy]]=[[Copia]].[[screenshot_plugin.print]]=[[Stampa]].[[screenshot_plugin.fullscreen]]=[[Seleziona schermo intero]].[[screenshot_plugin.clear]]=[[Annulla selezione]].[[screenshot_plugin.cancel]]=[[Annulla]].[[screenshot_plugin.editonline]]=[[Modifica online uno screenshot]].[[screenshot_plugin.upload]]=[[Carica su prntscr.com]].[[screenshot_plugin.close]]=[[Chiuso]]..[[screenshot_plugin.share_googlesearch]]=[[Cerca immagini simili su Google]].[[screenshot_plugin.share_tineyesearch]]=[[Cerca immagini simili su Tineye]].[[screenshot_plugin.share_sendmail]]=[[Invia via email]].[[screenshot_plugin.share_twitter]]=[[Condividi su Twitter]].[[screenshot_plugin.share_facebook]]=[[Condividi su Facebook]].[[screenshot_plugin.share_vk]]=[[Condividi su VK]].[[screenshot_plugin.share_pinterest]]=[[Condividi su Pinterest]].[[screenshot_plugin.share]]=[[Condividi sui social network]]..[[screenshot_plugin.incorrect_size]]=[[Dimensione sbagl
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1009)
                                                            Category:dropped
                                                            Size (bytes):12149
                                                            Entropy (8bit):5.088872199833535
                                                            Encrypted:false
                                                            SSDEEP:192:hEl9i4yuB6HySNkF98UNZ/me7Sc8j1ldKjVAwoiY:O8uB2e9HNZ/Ic8/dK5AwoP
                                                            MD5:3CA46C43929B540F39DAFF85DD06BFEB
                                                            SHA1:8ABED3FCB1C273C4173DEC8FB6CC2768F777ECA3
                                                            SHA-256:ECDA5230381AD49094439BF6E98637FFBFBA9408C5930F76708E2592A5D2DEF7
                                                            SHA-512:AE1295708A8DD79C1ABF1AA3A6D3F0C8E08ABF5C61A901A966A02200C5FC442D5DB88FFFBD4AD72240524115F2028902377C99DCC68154B1109141B52AD40127
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[....]].[[screenshot_plugin.copy]]=[[....]].[[screenshot_plugin.print]]=[[....]].[[screenshot_plugin.fullscreen]]=[[... ... ...]].[[screenshot_plugin.clear]]=[[... .....]].[[screenshot_plugin.cancel]]=[[...]].[[screenshot_plugin.editonline]]=[[.... ..... ... .......]].[[screenshot_plugin.upload]]=[[.... ....... . prntscr.com]].[[screenshot_plugin.close]]=[[....]]..[[screenshot_plugin.share_googlesearch]]=[[... ...... ..... .....]].[[screenshot_plugin.share_tineyesearch]]=[[... ...... ..... .......]].[[screenshot_plugin.share_sendmail]]=[[... ... .... ........]].[[screenshot_plugin.share_twitter]]=[[... .......]].[[screenshot_plugin.share_facebook]]=[[... ........]].[[screenshot_plugin.share_vk]]=[[... .: VK]].[[screenshot_plugin.share_pinterest]]=[[... .: Pinterest]].[[screenshot_plugin.share]]=[[...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (910)
                                                            Category:dropped
                                                            Size (bytes):14023
                                                            Entropy (8bit):5.2569029518286685
                                                            Encrypted:false
                                                            SSDEEP:192:geUC7QmKuL28T5kKasZCMFe5b95X95pZ0mokUzrwgVzVnvDcJVIoEV3w9+2GDTYB:WlwlkK1kse5b95X95YOCfcvyg
                                                            MD5:27C710C7C361A9B94703BD1C4C717522
                                                            SHA1:231EE42EFC2BC4055DE6AADD275CA83CB2562839
                                                            SHA-256:627D3F4BB34F3F5AC2BAAAED82FBE80B3739C58D2F710BCBBD11DDBA85BB14BF
                                                            SHA-512:1CAA0C3FFBDB42577D27C0090E98B39E925BF711A0814E52E943003D06E8BD00493318A7B1D27B11C66847091EF64BB102BEB669C3D999535F258700ADC268DB
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[........]].[[screenshot_plugin.copy]]=[[.........]].[[screenshot_plugin.print]]=[[.........]].[[screenshot_plugin.fullscreen]]=[[........ .... .....]].[[screenshot_plugin.clear]]=[[........]].[[screenshot_plugin.cancel]]=[[.........]].[[screenshot_plugin.editonline]]=[[..........]].[[screenshot_plugin.upload]]=[[........... .. ...... prntscr.com]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_googlesearch]]=[[...... ..... .......... . Google]].[[screenshot_plugin.share_tineyesearch]]=[[...... ..... .......... . Tineye]].[[screenshot_plugin.share_sendmail]]=[[......... .. email]].[[screenshot_plugin.share_twitter]]=[[.......... . Twitter]].[[screenshot_plugin.share_facebook]]=[[.......... .. Facebook]].[[screenshot_plugin.share_vk]]=[[.......... . VK]].
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):2100
                                                            Entropy (8bit):5.4607972532477875
                                                            Encrypted:false
                                                            SSDEEP:48:HIoQhyC2uvub0XR277qRbMdDCFTsWcm/Q:0QC2uvuL77zDrw/Q
                                                            MD5:4582B37D89F133893F2095D7B57A3AD1
                                                            SHA1:3242904BEDF29E6AFC5BB6AEB1DCB7A994C84ECC
                                                            SHA-256:EE6DFB2E7262954FA5365FAD842B24CD53AFB5E23AF523751D8211B4CC5A8891
                                                            SHA-512:8FC673A7405499DE5DE184A695ECEDBFA230C0A0CA6A1D74AC7B6A08E3629A64537CEE016AFB85FFE64E7B6460DF4BCC183B7DA1AD1418D48A6482FB59B50E42
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..]].[[screenshot_plugin.copy]]=[[...]].[[screenshot_plugin.print]]=[[..]].[[screenshot_plugin.fullscreen]]=[[.......]].[[screenshot_plugin.clear]]=[[....]].[[screenshot_plugin.cancel]]=[[.....]].[[screenshot_plugin.editonline]]=[[............]].[[screenshot_plugin.upload]]=[["prntscr.com" .......]].[[screenshot_plugin.close]]=[[...]]..[[screenshot_plugin.share_googlesearch]]=[["Google" ........]].[[screenshot_plugin.share_tineyesearch]]=[["Tineye" ........]].[[screenshot_plugin.share_sendmail]]=[[......]].[[screenshot_plugin.share_twitter]]=[["Twitter" ...]].[[screenshot_plugin.share_facebook]]=[["Facebook" ...]]..[[screenshot_plugin.incorrect_size]]=[[.......]].[[screenshot_plugin.error_capt]]=[[...]]..[[screenshot_plugin.tooltip]]=[[.....]].[[screenshot_plugin.open]]=[[..]].
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):3761
                                                            Entropy (8bit):4.75111012331288
                                                            Encrypted:false
                                                            SSDEEP:96:E/l6LhElslfYrYODlHs3qGWLZJism5ZfS:gehElsRYrYelHs3qGWLZJism5U
                                                            MD5:B85E43201C3D051F8D4F5E7210E6E0BC
                                                            SHA1:C7FC7CCD6F8AC76F674D3B42CFAF2AF74EB1B515
                                                            SHA-256:5DEEBC0DC369C6E2F85E549C6AD38AF0F385CC0163373C857508AF3A8E96E8DF
                                                            SHA-512:15D2744DCED11591C4AF340F1C95595C41BDADEBC5C6BD1DED962A1DFBAA9159555F1DDD21714DD0C13E53600BD92F036D33861FF21760B1BC7E9202A4756D3C
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Desa]].[[screenshot_plugin.print]]=[[Imprimeix]].[[screenshot_plugin.fullscreen]]=[[Selecciona pantalla completa]].[[screenshot_plugin.clear]]=[[Neteja la selecci.]].[[screenshot_plugin.editonline]]=[[Editeu una captura de pantalla en l.nia]].[[screenshot_plugin.upload]]=[[Puja a prntscr.com]].[[screenshot_plugin.close]]=[[Tanca]]..[[screenshot_plugin.share_tineyesearch]]=[[Cerca imatges similars a Tineye]].[[screenshot_plugin.share_sendmail]]=[[Envia a trav.s de correu electr.nic]].[[screenshot_plugin.share_twitter]]=[[Comparteix al Twitter]].[[screenshot_plugin.share_facebook]]=[[Comparteix al Facebook]].[[screenshot_plugin.share_pinterest]]=[[Comparteix a Pinterest]].[[screenshot_plugin.share]]=[[Comparteix a les xarxes socials]]..[[screenshot_plugin.incorrect_size]]=[[Mida incorrecta]].[[screenshot_plugin.error_capt]]=[[Error]]..[[screenshot_plugin.open]]=[[Obre]]..[[screenshot_app.take_screenshot]]=[[Feu una captura de pantalla]].[[screenshot_ap
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):11282
                                                            Entropy (8bit):5.22650088499113
                                                            Encrypted:false
                                                            SSDEEP:192:RaH/Ku4CUFRvBEZ+dN/tIDItFOLAC4YS/HkOWjAo0YYwmLu1p:Rykv1Sg/Byp
                                                            MD5:ADDA7B38ACB9923473E8E5F8FE9555F0
                                                            SHA1:73C3BEF88E8ED893A98A19F702EA9F7C159D30F8
                                                            SHA-256:88F1EC35A57672CB75E96662819901899F8BC7CE546B3DA3AAD636229D4695D1
                                                            SHA-512:B214D0AFDB5546EFBD8C95C758EF0B8EAC4C19462B44645220BB8FBB4BBABAB5CD066E7C56850C67E11BEFD173B49C4C1010023338FA66F1F5B9D6EC4083CAC7
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[............]].[[screenshot_plugin.copy]]=[[............]].[[screenshot_plugin.print]]=[[.......]].[[screenshot_plugin.fullscreen]]=[[.......... ..... ......]].[[screenshot_plugin.clear]]=[[....... ............]].[[screenshot_plugin.cancel]]=[[.....]].[[screenshot_plugin.editonline]]=[[.......... ..... ..... ....]].[[screenshot_plugin.upload]]=[[Prntscr.com ............ .... ..]].[[screenshot_plugin.close]]=[[......]]..[[screenshot_plugin.share_googlesearch]]=[[..... .. ..... ....... .. .... ]].[[screenshot_plugin.share_tineyesearch]]=[[Tineye ..... .. ..... ....... .. ]].[[screenshot_plugin.share_sendmail]]=[[..... ....... ........]].[[screenshot_plugin.share_twitter]]=[[........... .. ......]].[[screenshot_plugin.share_facebook]]=[[........
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):1853
                                                            Entropy (8bit):4.858703658195675
                                                            Encrypted:false
                                                            SSDEEP:24:ITcerFoMqngS07b8EFH08JgwEqgVkaXkgleOI1ZwV76k1uRrF0kscGP4G5jfqKH:kceFoMvR0IHEn1NePo76kwRxTsW8
                                                            MD5:6EA5AF7F09D1CDD8929B1D6C2F8B9DFD
                                                            SHA1:7A185908954EFADDA847870CA30E344EDA0B72D1
                                                            SHA-256:6BC8AD750CB4142C2C628C3C3F3006C853A48566FC988CD7179EA6CAE0FF7A79
                                                            SHA-512:149456B744531945A7ABCD294F7B45EAE3959D8B672DE10431A26D9458E683B1A48D03136C672DAB00C804AC8F6738A6C35D0F18D48818F28038864499DCDB78
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Vista]].[[screenshot_plugin.copy]]=[[Afrita]].[[screenshot_plugin.print]]=[[Prenta]].[[screenshot_plugin.fullscreen]]=[[Velja fullan skj.]].[[screenshot_plugin.clear]]=[[Hreinsa]].[[screenshot_plugin.cancel]]=[[H.tta Vi.]].[[screenshot_plugin.editonline]]=[[Breyta Mynd]].[[screenshot_plugin.upload]]=[[Senda . prntscr.com]].[[screenshot_plugin.close]]=[[Loka]]..[[screenshot_plugin.share_googlesearch]]=[[Leita a. svipu.um myndum . Google]].[[screenshot_plugin.share_tineyesearch]]=[[Leita a. svipu.um myndum . Tineye]].[[screenshot_plugin.share_sendmail]]=[[Senda . email]].[[screenshot_plugin.share_twitter]]=[[Deila . Twitter]].[[screenshot_plugin.share_facebook]]=[[Deila in Facebook]]..[[screenshot_plugin.incorrect_size]]=[[Vitlaus St.r.]].[[screenshot_plugin.error_capt]]=[[Villa]]..[[screenshot_plugin.tooltip]]=[[Velja sv..i]].[[screenshot_plugin.open]]=[[Opna]].[[screenshot_plugin.uploading_window_capt]]=[[Sendi mynd]].[[screenshot_plugin.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1093)
                                                            Category:dropped
                                                            Size (bytes):11311
                                                            Entropy (8bit):4.823856219956849
                                                            Encrypted:false
                                                            SSDEEP:192:PrUkzzPzXP0KSwiZ/1xoJqFHB9yd58bKDCVnJbn5DLj:P1Xf4/12XVDCVN5Df
                                                            MD5:A3C763A6AB5795AA432071DFF7262D22
                                                            SHA1:2297CE94424FE24144246CB4EEBEAFEC7C6972BA
                                                            SHA-256:E48BBA86D86DD2A2C0D8B789168BF7FA33CCCA80EB90BA2CA1CD1AFEEC70FB36
                                                            SHA-512:26DD8BBAAD6CAECE6AB0A406DF2B608012DD0CD40F24F47D78054C3CD85F75960158D68CE2E1C9AA52C2D0524DDE35A5D2B3AAD24B3ABCBBEC4A20EC8FCECC21
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Salva]].[[screenshot_plugin.copy]]=[[Copia]].[[screenshot_plugin.print]]=[[Stampa]].[[screenshot_plugin.fullscreen]]=[[Seleziona schermo intero]].[[screenshot_plugin.clear]]=[[Annulla selezione]].[[screenshot_plugin.cancel]]=[[Annulla]].[[screenshot_plugin.editonline]]=[[Modifica online uno screenshot]].[[screenshot_plugin.upload]]=[[Carica su prntscr.com]].[[screenshot_plugin.close]]=[[Chiuso]]..[[screenshot_plugin.share_googlesearch]]=[[Cerca immagini simili su Google]].[[screenshot_plugin.share_tineyesearch]]=[[Cerca immagini simili su Tineye]].[[screenshot_plugin.share_sendmail]]=[[Invia via email]].[[screenshot_plugin.share_twitter]]=[[Condividi su Twitter]].[[screenshot_plugin.share_facebook]]=[[Condividi su Facebook]].[[screenshot_plugin.share_vk]]=[[Condividi su VK]].[[screenshot_plugin.share_pinterest]]=[[Condividi su Pinterest]].[[screenshot_plugin.share]]=[[Condividi sui social network]]..[[screenshot_plugin.incorrect_size]]=[[Dimensione sbagl
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):2100
                                                            Entropy (8bit):5.4607972532477875
                                                            Encrypted:false
                                                            SSDEEP:48:HIoQhyC2uvub0XR277qRbMdDCFTsWcm/Q:0QC2uvuL77zDrw/Q
                                                            MD5:4582B37D89F133893F2095D7B57A3AD1
                                                            SHA1:3242904BEDF29E6AFC5BB6AEB1DCB7A994C84ECC
                                                            SHA-256:EE6DFB2E7262954FA5365FAD842B24CD53AFB5E23AF523751D8211B4CC5A8891
                                                            SHA-512:8FC673A7405499DE5DE184A695ECEDBFA230C0A0CA6A1D74AC7B6A08E3629A64537CEE016AFB85FFE64E7B6460DF4BCC183B7DA1AD1418D48A6482FB59B50E42
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..]].[[screenshot_plugin.copy]]=[[...]].[[screenshot_plugin.print]]=[[..]].[[screenshot_plugin.fullscreen]]=[[.......]].[[screenshot_plugin.clear]]=[[....]].[[screenshot_plugin.cancel]]=[[.....]].[[screenshot_plugin.editonline]]=[[............]].[[screenshot_plugin.upload]]=[["prntscr.com" .......]].[[screenshot_plugin.close]]=[[...]]..[[screenshot_plugin.share_googlesearch]]=[["Google" ........]].[[screenshot_plugin.share_tineyesearch]]=[["Tineye" ........]].[[screenshot_plugin.share_sendmail]]=[[......]].[[screenshot_plugin.share_twitter]]=[["Twitter" ...]].[[screenshot_plugin.share_facebook]]=[["Facebook" ...]]..[[screenshot_plugin.incorrect_size]]=[[.......]].[[screenshot_plugin.error_capt]]=[[...]]..[[screenshot_plugin.tooltip]]=[[.....]].[[screenshot_plugin.open]]=[[..]].
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (321)
                                                            Category:dropped
                                                            Size (bytes):14334
                                                            Entropy (8bit):4.609688160373262
                                                            Encrypted:false
                                                            SSDEEP:384:aUcWmY/kAospx5Clx5rcIyqQY4ej0FKwF7uiQ+LY9q:NHus
                                                            MD5:4D839F6C4DB8B58158BA136BBE209E50
                                                            SHA1:BA84439054819925F1FCC8118536B12F67A4262B
                                                            SHA-256:8844248F8E3446BB01581C801275E060C0E8171B150C84A2552D26ECCC1349D5
                                                            SHA-512:7EC12E55AAD2EF65F57B08F53FD392E5D2278402FDFB1F6BB6E22A4212D40F7300FBACD269F57D29BC24443CD7643969DA85013375613CB0407C597726AFEF5F
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.......]].[[screenshot_plugin.copy]]=[[........]].[[screenshot_plugin.print]]=[[........]].[[screenshot_plugin.fullscreen]]=[[..... ....... ......]].[[screenshot_plugin.clear]]=[[...........]].[[screenshot_plugin.cancel]]=[[........]].[[screenshot_plugin.editonline]]=[[......... ...... ........]].[[screenshot_plugin.upload]]=[[........ prntscr.com-..]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_googlesearch]]=[[....... ....... ....... Google-..]].[[screenshot_plugin.share_tineyesearch]]=[[....... ....... ....... Tineye-..]].[[screenshot_plugin.share_sendmail]]=[[...... ........ ..-.......]].[[screen
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (758)
                                                            Category:dropped
                                                            Size (bytes):11110
                                                            Entropy (8bit):5.888845253303549
                                                            Encrypted:false
                                                            SSDEEP:192:s9fbIZVu2Cs+xlcera/n8lAZyUcGUfExTM81M:GbHF6n8lyJcGZM9
                                                            MD5:99F15556368A9025A678AE20E3E5EDB4
                                                            SHA1:1DAE062FE596367350FA7EAE68BBF1645C11A143
                                                            SHA-256:F07C0EE08ED2895729E734B349B1AF3CA8A0646126FD4E3A01D37A8DE299B7B8
                                                            SHA-512:BC69A8371EAE0AADDDB6B507E1B5E49F9BD18AB0595C0C8FCA02F9648E2736CCD6406907D3DD38121912D2FAC00639F563FBDFEE458876604692ECF05CC08906
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..]].[[screenshot_plugin.copy]]=[[..]].[[screenshot_plugin.print]]=[[..]].[[screenshot_plugin.fullscreen]]=[[.. .. ..]].[[screenshot_plugin.clear]]=[[.. ..]].[[screenshot_plugin.cancel]]=[[..]].[[screenshot_plugin.editonline]]=[[..... .... ..]].[[screenshot_plugin.upload]]=[[Prntscr.com. ...]].[[screenshot_plugin.close]]=[[..]]..[[screenshot_plugin.share_googlesearch]]=[[Google.. ... ... ..]].[[screenshot_plugin.share_tineyesearch]]=[[Tineye.. ... ... ..]].[[screenshot_plugin.share_sendmail]]=[[.... ...]].[[screenshot_plugin.share_twitter]]=[[Twitter. ..]].[[screenshot_plugin.share_facebook]]=[[Facebook.. ..]].[[screenshot_plugin.share_vk]]=[[VK. ..]].[[screenshot_plugin.share_pinterest]]=[[Pinterest. ..]].[[screenshot_plugin.share]]=[[.. ..... ..]]..[[screenshot_plugin.incorrect_size]]=[[
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):11282
                                                            Entropy (8bit):5.22650088499113
                                                            Encrypted:false
                                                            SSDEEP:192:RaH/Ku4CUFRvBEZ+dN/tIDItFOLAC4YS/HkOWjAo0YYwmLu1p:Rykv1Sg/Byp
                                                            MD5:ADDA7B38ACB9923473E8E5F8FE9555F0
                                                            SHA1:73C3BEF88E8ED893A98A19F702EA9F7C159D30F8
                                                            SHA-256:88F1EC35A57672CB75E96662819901899F8BC7CE546B3DA3AAD636229D4695D1
                                                            SHA-512:B214D0AFDB5546EFBD8C95C758EF0B8EAC4C19462B44645220BB8FBB4BBABAB5CD066E7C56850C67E11BEFD173B49C4C1010023338FA66F1F5B9D6EC4083CAC7
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[............]].[[screenshot_plugin.copy]]=[[............]].[[screenshot_plugin.print]]=[[.......]].[[screenshot_plugin.fullscreen]]=[[.......... ..... ......]].[[screenshot_plugin.clear]]=[[....... ............]].[[screenshot_plugin.cancel]]=[[.....]].[[screenshot_plugin.editonline]]=[[.......... ..... ..... ....]].[[screenshot_plugin.upload]]=[[Prntscr.com ............ .... ..]].[[screenshot_plugin.close]]=[[......]]..[[screenshot_plugin.share_googlesearch]]=[[..... .. ..... ....... .. .... ]].[[screenshot_plugin.share_tineyesearch]]=[[Tineye ..... .. ..... ....... .. ]].[[screenshot_plugin.share_sendmail]]=[[..... ....... ........]].[[screenshot_plugin.share_twitter]]=[[........... .. ......]].[[screenshot_plugin.share_facebook]]=[[........
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (606)
                                                            Category:dropped
                                                            Size (bytes):9229
                                                            Entropy (8bit):4.988338896224836
                                                            Encrypted:false
                                                            SSDEEP:192:tAvjPjfQGKGJZdnpTDrqUJFiiqrwHsyCR+lFj:tAvjjJ9RnhvqUfwrwML+lFj
                                                            MD5:BDD17AB1EDA8488B8CFE02327DF05F90
                                                            SHA1:031F1B7B21FB7C8BAA2FCD6FAD0589D8C5437629
                                                            SHA-256:0E251986CD97BDE529CC2726EFC18F821661301DF1B8F44FB17898F851393D82
                                                            SHA-512:4853412D4FC5A0293EC5F4C92F468B06924C00DEBDAA8A2B6372CD0C339D1C5B2B7360CF1BE353E2459ACEBA7C82AF33B04F552733E221C2A5CBE9246BE3277E
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[I.saugoti]].[[screenshot_plugin.copy]]=[[Kopijuoti]].[[screenshot_plugin.print]]=[[Spausdinti]].[[screenshot_plugin.fullscreen]]=[[Pasirinkti vis. ekrano vaizd.]].[[screenshot_plugin.clear]]=[[I.trinti pasirinkim.]].[[screenshot_plugin.cancel]]=[[At.aukti]].[[screenshot_plugin.editonline]]=[[Koreguoti paveiksl.l. internete]].[[screenshot_plugin.upload]]=[[.kelti . prntscr.com]].[[screenshot_plugin.close]]=[[U.daryti]]..[[screenshot_plugin.share_googlesearch]]=[[Ie.koti pana.i. paveiksl.li. per Google]].[[screenshot_plugin.share_tineyesearch]]=[[Ie.koti pana.i. paveiksl.li. per Tineye]].[[screenshot_plugin.share_sendmail]]=[[I.si.sti elektroniniu pa.tu]].[[screenshot_plugin.share_twitter]]=[[Pasidalinti per Twitter]].[[screenshot_plugin.share_facebook]]=[[Pasidalinti per Facebook]].[[screenshot_plugin.share_vk]]=[[Pasidalinti per VK]].[[screenshot_plugin.share_pinterest]]=[[Pasidalinti per Pinterest]].[[screenshot_plugin.share]]=[[
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):7252
                                                            Entropy (8bit):5.0367350116439455
                                                            Encrypted:false
                                                            SSDEEP:96:6n6T6sGi7HKD/HDnMBUjelc3zOfzO6t0w+K6Rqa6NH/2x6NH+7sXaDchJ4QZtBsN:Sm1bOMB/mOfzledk/d+7shJW8OP
                                                            MD5:282E5B1C57E18FA97A4D54AFEFDF2485
                                                            SHA1:D64C78923257FBDF9F136C2F1BC0D817305FB211
                                                            SHA-256:DDD5A868F9E0C9F988225B1E99223AA45C75122D9E5A399BED508D3C96EA6CD2
                                                            SHA-512:4581DD61F28A691F6AB00EC8C8F4E8B87DA15822D426167A623B1818ED1ED37CD5F07EB7328BE2977AADA422B544B049F112AD5AC5C94E5214A32C54556652DF
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Saglab.t]].[[screenshot_plugin.copy]]=[[Kop.t]].[[screenshot_plugin.print]]=[[Druk.t]].[[screenshot_plugin.fullscreen]]=[[Iez.m.t pilnu ekr.nu]].[[screenshot_plugin.clear]]=[[Not.r.t iez.m.to]].[[screenshot_plugin.cancel]]=[[Atcelt]].[[screenshot_plugin.editonline]]=[[Redi..t ekr.nuz..mumu internet. onlain.]].[[screenshot_plugin.upload]]=[[Aug.upiel.d.t uz prntscr.com]].[[screenshot_plugin.close]]=[[Aizv.rt]]..[[screenshot_plugin.share_googlesearch]]=[[Mekl.t l.dz.gus att.lus Google]].[[screenshot_plugin.share_tineyesearch]]=[[Mekl.t l.dz.gus att.lus Tineye]].[[screenshot_plugin.share_sendmail]]=[[Nos.t.t pa e-pastu]].[[screenshot_plugin.share_twitter]]=[[Kop.got Twitter vietn.]].[[screenshot_plugin.share_facebook]]=[[Kop.got Facebook vietn.]].[[screenshot_plugin.share_vk]]=[[Kop.got VK vietn.]].[[screenshot_plugin.share_pinterest]]=[[Dal.ties Pinterest vietn.]].[[screenshot_plugin.share]]=[[Kop.got soci.lajos t.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):6048
                                                            Entropy (8bit):5.114480664907674
                                                            Encrypted:false
                                                            SSDEEP:96:0XjIMC5v/z9P0y9bzTGw5Om/RCafXLDDcm2ddt/D8PrXNCO:v/0wzTtLs8LID8L0O
                                                            MD5:70BA5C9C3E83584713663332BCF0ED60
                                                            SHA1:2093C3D4A269D6D80714E2DEB0F86B727B43B82E
                                                            SHA-256:4B04AC2BF41F9A71FD626297956759B0F3321851BFCDBB4D788EAFD3BC662EE8
                                                            SHA-512:F379313B91FD4EB976736C4D65624215FEFD381323F2F469E6AE7BDE2BE79B5DE6F5B34B28B90DCA1D3BE7BD5496DBC85DF5A0E22E88A1F4C38E2F30824AB132
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.......]].[[screenshot_plugin.fullscreen]]=[[...... ....... .....]].[[screenshot_plugin.editonline]]=[[..... ........ ......]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_googlesearch]]=[[.......... ...... ..... .. ......]].[[screenshot_plugin.share_twitter]]=[[....... .. Twitter]].[[screenshot_plugin.share_facebook]]=[[....... .. Facebook]].[[screenshot_plugin.share_pinterest]]=[[....... .. Pinterest]].[[screenshot_plugin.share]]=[[......... .. ........... .....]]..[[screenshot_plugin.error_capt]]=[[......]]..[[screenshot_plugin.tooltip]]=[[.......... ........]].[[screenshot_plugin.open]]=[[......]].[[screenshot_plugin.upload_failed_retry]]=[[............. .. .... ........ ....... .. ........?]]..[[screenshot_app.take_screensho
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1120)
                                                            Category:dropped
                                                            Size (bytes):11186
                                                            Entropy (8bit):4.953572434226719
                                                            Encrypted:false
                                                            SSDEEP:192:GQSHp6E9U6hFEEoCyIf1SmCdtboLJaK1HwqhK2dRn1FQxH+dWcK2Z3Lhdk:GQSHmgEZCyIfYm1JaKFwqhKerFQxcWcM
                                                            MD5:70F2CB3F106AB633BD97214FFC1ED887
                                                            SHA1:2FC524704C19FB2F299CCE09573A3D7E2EF093F9
                                                            SHA-256:66ED6820B982F5055EAE9893338EA992A97F84A0280D1E8A54142ADA09D31821
                                                            SHA-512:71D56A062EC41A11294EFAD9018E80AEA039537A6077D25E140D766624DA1F467CB84067718AF80488A64ECED84D71FBFEF438CDF9434459C62B9BEC64BE7B90
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Lagre]].[[screenshot_plugin.copy]]=[[Kopi.r]].[[screenshot_plugin.print]]=[[Skriv ut]].[[screenshot_plugin.fullscreen]]=[[Velg fullskjermsvisning]].[[screenshot_plugin.clear]]=[[Fjern utsnitt]].[[screenshot_plugin.cancel]]=[[Avbryt]].[[screenshot_plugin.editonline]]=[[Redig.r skjermbildet i nettleseren]].[[screenshot_plugin.upload]]=[[Last opp til prntscr.com]].[[screenshot_plugin.close]]=[[Lukk]]..[[screenshot_plugin.share_googlesearch]]=[[S.k etter lignende bilder p. Google]].[[screenshot_plugin.share_tineyesearch]]=[[S.k etter lignende bilder p. Tineye]].[[screenshot_plugin.share_sendmail]]=[[Send via e-post]].[[screenshot_plugin.share_twitter]]=[[Del p. Twitter]].[[screenshot_plugin.share_facebook]]=[[Del p. Facebook]].[[screenshot_plugin.share_vk]]=[[Del p. VK]].[[screenshot_plugin.share_pinterest]]=[[Del p. Pinterest]].[[screenshot_plugin.share]]=[[Del p. sosiale nettverk]]..[[screenshot_plugin.incorrect_size]]=[[Feil st.rrelse]].[[scre
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1094)
                                                            Category:dropped
                                                            Size (bytes):11567
                                                            Entropy (8bit):4.848204007772776
                                                            Encrypted:false
                                                            SSDEEP:192:5ZzCVYfObAtzv/ujSDe6Em5s5tfVuUwZ1wMzzklzNVLLwN2:5EyOUtje6EmK5twRW2wlpVI2
                                                            MD5:1DBF0C68099CDAA5F8800DC14AA2F5B0
                                                            SHA1:F43D913B1FA098F89B28756CEC754022AFE62C3C
                                                            SHA-256:B82B3A16C09AB2E1340C1D42F22146B30B7445CE1652D2114412F7A1AF6AECEF
                                                            SHA-512:89AD7CDC635D128A22081100E1DA0A2ED89B90582B856172DE2E2901DDDFA09A21E1E27A4139C68096160B836FFC37E1C7AF0DE81232A624B683DF4FCD49F9F3
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Opslaan]].[[screenshot_plugin.copy]]=[[Kopi.ren]].[[screenshot_plugin.print]]=[[Afdrukken]].[[screenshot_plugin.fullscreen]]=[[Het volledige scherm kiezen]].[[screenshot_plugin.clear]]=[[Keuze wissen]].[[screenshot_plugin.cancel]]=[[Afbreken]].[[screenshot_plugin.editonline]]=[[Een afbeelding op het web bewerken]].[[screenshot_plugin.upload]]=[[Naar prntscr.com versturen]].[[screenshot_plugin.close]]=[[Afsluiten]]..[[screenshot_plugin.share_googlesearch]]=[[Soortgelijke afbeeldingen op Google zoeken]].[[screenshot_plugin.share_tineyesearch]]=[[Soortgelijke afbeeldingen op Tineye zoeken]].[[screenshot_plugin.share_sendmail]]=[[Via de e-post versturen]].[[screenshot_plugin.share_twitter]]=[[Via Twitter delen]].[[screenshot_plugin.share_facebook]]=[[Via Facebook delen]].[[screenshot_plugin.share_vk]]=[[Via VK delen]].[[screenshot_plugin.share_pinterest]]=[[Via Pinterest delen]].[[screenshot_plugin.share]]=[[Op maatschappelijke netwerken delen]]..[[screensh
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1029)
                                                            Category:dropped
                                                            Size (bytes):11134
                                                            Entropy (8bit):5.158411756543586
                                                            Encrypted:false
                                                            SSDEEP:192:jcoX7cO/BHpiTSjmJn2C1oQHl5v+N4ioHuJaRA38N3:R5piTSS3t+NoHuIAMN3
                                                            MD5:B42697871A6AD6A19E4825A1949AAB85
                                                            SHA1:8D24E98FD532E511E1C147180D50A950FD72BA05
                                                            SHA-256:306603A966B7ACB1B4FEEA9ECC94E08E0C5C686C520083206005B0929A812F41
                                                            SHA-512:577E554F69D401CBFA0FF71A8A0814B616AF5B38476FEBD750062F9704251D45546ADC70244CD8402A5FD2D944640D7E43D790E064E95313ADEB4BF2FC0B0CCB
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Zapisz]].[[screenshot_plugin.copy]]=[[Kopiuj]].[[screenshot_plugin.print]]=[[Drukuj]].[[screenshot_plugin.fullscreen]]=[[Zaznacz ca.y ekran]].[[screenshot_plugin.clear]]=[[Wyczy.. zaznaczenie]].[[screenshot_plugin.cancel]]=[[Anuluj]].[[screenshot_plugin.editonline]]=[[Edytuj zrzut ekranu online ]].[[screenshot_plugin.upload]]=[[Prze.lij do prntscr.com]].[[screenshot_plugin.close]]=[[Zamknij]]..[[screenshot_plugin.share_googlesearch]]=[[Szukaj podobnych obraz.w w Google]].[[screenshot_plugin.share_tineyesearch]]=[[Szukaj podobnych obrazk.w w Tineye]].[[screenshot_plugin.share_sendmail]]=[[Wy.lij e-mailem]].[[screenshot_plugin.share_twitter]]=[[Udost.pnij na Twitterze]].[[screenshot_plugin.share_facebook]]=[[Udost.pnij na Facebooku]].[[screenshot_plugin.share_vk]]=[[Udost.pnij na VK]].[[screenshot_plugin.share_pinterest]]=[[Udost.pnij na Pinterest]].[[screenshot_plugin.share]]=[[Udost.pnij w serwisach spo.eczno.ciowych]]..[[screenshot_plugin.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (651)
                                                            Category:dropped
                                                            Size (bytes):6945
                                                            Entropy (8bit):4.814228636128868
                                                            Encrypted:false
                                                            SSDEEP:96:NJ/zX4HGGRXVyr1IOECj8XOBnNYoBnNwHDoD0XoJhdkHiG4I5wYhBSK:NJaGGc1WOgo4HMtJhdkhxwYDj
                                                            MD5:C5D8FB04C0A7BE0D53FD031090BC36F8
                                                            SHA1:7738786D699380CFD5A13940C65EA86DBB1979EF
                                                            SHA-256:4357C2DD05BB87E381E07681B9E8D17FE5953997CCEF1045DC004A93B791F159
                                                            SHA-512:2D58FAA2C557B631AF7FF1022B1E8E77B6972D7405F748A706BE823C45B95165FE9B00087F49A7AEAB73420AE25AB96608869F23F7C8049BE5E0D07F9D7FBDA5
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Guardar]].[[screenshot_plugin.copy]]=[[Copiar]].[[screenshot_plugin.print]]=[[Imprimir]].[[screenshot_plugin.fullscreen]]=[[Selecionar tela inteira]].[[screenshot_plugin.clear]]=[[Limpar sele..o]].[[screenshot_plugin.cancel]]=[[Cancelar]].[[screenshot_plugin.editonline]]=[[Editar captura de ecr. online]].[[screenshot_plugin.upload]]=[[Enviar para prntscr.com]].[[screenshot_plugin.close]]=[[Fechar]]..[[screenshot_plugin.share_googlesearch]]=[[Pesquisar imagens semelhantes no Google]].[[screenshot_plugin.share_tineyesearch]]=[[Pesquisar imagens semelhantes no Tineye]].[[screenshot_plugin.share_sendmail]]=[[Enviar por email]].[[screenshot_plugin.share_twitter]]=[[Partilhar no Twitter]].[[screenshot_plugin.share_facebook]]=[[Partilhar no Facebook]].[[screenshot_plugin.share_vk]]=[[Partilhar no VK]].[[screenshot_plugin.share_pinterest]]=[[Partilhar no Pinterest]].[[screenshot_plugin.share]]=[[Partilhar nas redes sociais]]..[[screenshot_plugin.incorrect_siz
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1055)
                                                            Category:dropped
                                                            Size (bytes):11043
                                                            Entropy (8bit):4.899724610981938
                                                            Encrypted:false
                                                            SSDEEP:96:uJlUX4Ha10tgVTvv4IrwEV+U0pECNKvpErN5NWcFYz4zJiuQlSZtw1x/7vLYwvfj:uJJ+MWn4smRcyJitSE1xjep3wqgb5
                                                            MD5:09540A630D97751B5B922D9A54D72FE4
                                                            SHA1:FABB626059A1A504888C23795470A4DE14C52445
                                                            SHA-256:6F931F38924CF8C233A1B46E5D80BAD2182F8DD0D670E7F54824D8CAA5AE0C11
                                                            SHA-512:C992B7545B70A77C0C4ACB7B4445F50BD35285DDB4B580C4573F99FCAC0EBF666431FD8B43715D1CF116F5379F8B0E375884C8C390697D4C2C0667AF99321A9D
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Salvar]].[[screenshot_plugin.copy]]=[[Copiar]].[[screenshot_plugin.print]]=[[Imprimir]].[[screenshot_plugin.fullscreen]]=[[Selecionar tela inteira]].[[screenshot_plugin.clear]]=[[Limpar sele..o]].[[screenshot_plugin.cancel]]=[[Cancelar]].[[screenshot_plugin.editonline]]=[[Editar captura de tela online]].[[screenshot_plugin.upload]]=[[Enviar para prntscr.com]].[[screenshot_plugin.close]]=[[Fechar]]..[[screenshot_plugin.share_googlesearch]]=[[Pesquisar imagens semelhantes no Google]].[[screenshot_plugin.share_tineyesearch]]=[[Pesquisar imagens semelhantes no Tineye]].[[screenshot_plugin.share_sendmail]]=[[Enviar por email]].[[screenshot_plugin.share_twitter]]=[[Compartilhar no Twitter]].[[screenshot_plugin.share_facebook]]=[[Compartilhar no Facebook]].[[screenshot_plugin.share_vk]]=[[Compartilhar no VK]].[[screenshot_plugin.share_pinterest]]=[[Compartilhar no Pinterest]].[[screenshot_plugin.share]]=[[Compartilhar nas redes sociais]]..[[screenshot_plugin.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1014)
                                                            Category:dropped
                                                            Size (bytes):11202
                                                            Entropy (8bit):4.9289519644156865
                                                            Encrypted:false
                                                            SSDEEP:192:zthb1ZlvjsLnTiPEpANWlMdVk7JrRzO7zvm34hv1WfE/9mWwZtz:ztR1rvoz+PEpANsMGJRqzvm3qv2E/9rE
                                                            MD5:62946D959F30092FE18CD081D90A1135
                                                            SHA1:ABA3A2CD65D5BF80AE08433994E006B3557BE3AE
                                                            SHA-256:6A20F444F3087CAEB940B2D21CCF437BCC93673308F4898577DFA82677369068
                                                            SHA-512:757333E7DC4173E7D793C71AFE3517D09D1B4B02731A02F7CBAD835C2160506900BA2A5CD80550E68E07C08A3EF1CEF33A0A85FB11EA8D53186CCEE0C086D111
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Salveaz.]].[[screenshot_plugin.copy]]=[[Copiaz.]].[[screenshot_plugin.print]]=[[Printeaz.]].[[screenshot_plugin.fullscreen]]=[[Pe tot ecranul]].[[screenshot_plugin.clear]]=[[Cur... sectiunea]].[[screenshot_plugin.cancel]]=[[Anuleaz.]].[[screenshot_plugin.editonline]]=[[Editeaz. captura de ecran online]].[[screenshot_plugin.upload]]=[[.ncarc. pe prntscr.com]].[[screenshot_plugin.close]]=[[.nchide]]..[[screenshot_plugin.share_googlesearch]]=[[Caut. imagini similare pe Google]].[[screenshot_plugin.share_tineyesearch]]=[[Caut. imagini similare pe Google Tineye]].[[screenshot_plugin.share_sendmail]]=[[Trimite prin email]].[[screenshot_plugin.share_twitter]]=[[Distribui.i pe Twitter]].[[screenshot_plugin.share_facebook]]=[[Distribui.i pe Facebook]].[[screenshot_plugin.share_vk]]=[[Distribuie pe VK]].[[screenshot_plugin.share_pinterest]]=[[Distribuie pe Pinterest]].[[screenshot_plugin.share]]=[[Distribuiti pe retelele sociale.]]..[[screenshot_plu
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1201)
                                                            Category:dropped
                                                            Size (bytes):15600
                                                            Entropy (8bit):5.1688353887279685
                                                            Encrypted:false
                                                            SSDEEP:192:i/W1SS0iUUoxQvheweKapAccse6c8VWbsFVG9i7WCatOV3+QVguVNo5EPrR9:vYBSvIVJpAT6crbpU6zG+Co+jb
                                                            MD5:45BF9B5D594B33A064AE4C04C4C3C96A
                                                            SHA1:5FFB92F13CA6B7F61CAD36839EBBA97A4BE67925
                                                            SHA-256:71FBFCC0E199ED012DECF96CE7671CF9A5D4B72F765281A1A66545DDBF025209
                                                            SHA-512:9C2E89B26AE36DFF4A182AF0C826DE08A46AD0F36FB59C665F247E0EAE5642882018FB946C11D5CEB2B6EFBB75FB7E6914A2AEF387B1DC8ED9AAC26E56A574F5
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.........]].[[screenshot_plugin.copy]]=[[..........]].[[screenshot_plugin.print]]=[[......]].[[screenshot_plugin.fullscreen]]=[[........ .... .....]].[[screenshot_plugin.clear]]=[[........]].[[screenshot_plugin.cancel]]=[[........]].[[screenshot_plugin.editonline]]=[[.............]].[[screenshot_plugin.upload]]=[[......... .. prntscr.com]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_googlesearch]]=[[...... ....... ........... .. Google]].[[screenshot_plugin.share_tineyesearch]]=[[...... ....... ........... .. Tineye]].[[screenshot_plugin.share_sendmail]]=[[......... .. email]].[[screenshot_plugin.share_twitter]]=[[.......... . Twitter]].[[screenshot_plugin.share_facebook]]=[[.......... .. Facebook]].[[screenshot_plugin.share_vk]]=[[.......... ....
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1086)
                                                            Category:dropped
                                                            Size (bytes):11509
                                                            Entropy (8bit):5.18057505039434
                                                            Encrypted:false
                                                            SSDEEP:192:Lvds3tZ9zOx4vWeW8AcpmJvh10ootkptXdVdA7qI/g1:6Fm4vWeW8EBykpttVdIQ
                                                            MD5:1CCB1D13BEF7FE4BCBDE7E8ADF3C7F51
                                                            SHA1:F1CBF6569C36AAF6226C18AFF56EA19720F2D513
                                                            SHA-256:E272C3467A7CAFF058318DD4774D627F9A66B6AFFAB1681388DEB828352A7B7B
                                                            SHA-512:909936FB6FE2E20A95A016CED8B0A6576A6DE1BCA208E8AE8E000B41322FC9D4713687E0128A4A1008BC838D13E7DE71E8EB2D1CD3B59475060FDA6043946FE9
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Ulo.i.]].[[screenshot_plugin.copy]]=[[Kop.rova.]].[[screenshot_plugin.print]]=[[Vytla.i.]].[[screenshot_plugin.fullscreen]]=[[Ozna.i. cel. obrazovku]].[[screenshot_plugin.clear]]=[[Zru.i. ozna.enie]].[[screenshot_plugin.cancel]]=[[Zru.i.]].[[screenshot_plugin.editonline]]=[[Upravi. screenshot online]].[[screenshot_plugin.upload]]=[[Nahra. do prntscr.com]].[[screenshot_plugin.close]]=[[Zatvori.]]..[[screenshot_plugin.share_googlesearch]]=[[H.ada. podobn. obr.zky na Googli]].[[screenshot_plugin.share_tineyesearch]]=[[H.ada. podobn. obr.zky na Tineye]].[[screenshot_plugin.share_sendmail]]=[[Posla. pomocou emailu]].[[screenshot_plugin.share_twitter]]=[[Zdie.a. na Twittri]].[[screenshot_plugin.share_facebook]]=[[Zdie.a. na Facebooku]].[[screenshot_plugin.share_vk]]=[[Zdie.a. na VK]].[[screenshot_plugin.share_pinterest]]=[[Zdie.a. na Pinterest]].[[screenshot_plugin.share]]=[[Zdie.a. na soci.lnych sie.ach]]..[[screenshot_pl
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):7426
                                                            Entropy (8bit):4.869278439819597
                                                            Encrypted:false
                                                            SSDEEP:96:VbHZ0uGuyz76LcGO1MHwaYNfYNcYZvyi4E8JRRsBsN6GbTMhzT3ocCBQMl:VbfyCLCaQIwFJjN6mTMhIcCqMl
                                                            MD5:8990E3DC38D9E65460480F257204E37D
                                                            SHA1:566FB8314D0385A66071D8BCC4DE5307699E88C4
                                                            SHA-256:46330DDC3BCA222A6BEEC79291C5CC09FF59FE7AF2613059D935ED88C92861FC
                                                            SHA-512:005EF52768441CAD3AC3C7FFAA0227E16C3FD602109EA9A4D1C74284625D9DD86C4BF88179E3E1FE73D3830BD59D58D8378C13D99D49D17E4196EBAA4ABB8129
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Shrani]].[[screenshot_plugin.copy]]=[[Kopiraj]].[[screenshot_plugin.print]]=[[Tiskaj]].[[screenshot_plugin.fullscreen]]=[[Izberi celoten zaslon]].[[screenshot_plugin.clear]]=[[Po.isti selekcijo]].[[screenshot_plugin.cancel]]=[[Prekli.i]].[[screenshot_plugin.editonline]]=[[Uredite posnetek zaslona na spletu]].[[screenshot_plugin.upload]]=[[Nalo.i na prntscr.com]].[[screenshot_plugin.close]]=[[Zapri]]..[[screenshot_plugin.share_googlesearch]]=[[I..i podobne slike na Google-u]].[[screenshot_plugin.share_tineyesearch]]=[[I..i podobne slike na Tineye]].[[screenshot_plugin.share_sendmail]]=[[Po.lji preko elektronske po.te]].[[screenshot_plugin.share_twitter]]=[[Deli na Twitter-ju]].[[screenshot_plugin.share_facebook]]=[[Deli na Facebook-u]].[[screenshot_plugin.share_vk]]=[[Deli na VK]].[[screenshot_plugin.share_pinterest]]=[[Deli na Pinterest]].[[screenshot_plugin.share]]=[[Deli na dru.benih omre.jih]]..[[screenshot_plugin.incorrect_size]]=[[Napa.n
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1121)
                                                            Category:dropped
                                                            Size (bytes):11553
                                                            Entropy (8bit):4.986278108970552
                                                            Encrypted:false
                                                            SSDEEP:192:Z0yXXggtZt2AkOqhaJkesqIM4qLDVdlHiCNHt8e/wrZhcurGw:iyXlEa2eH1lCCNHtVsrcLw
                                                            MD5:C472AAE2B0373E15A29D72B3CF5E0E3D
                                                            SHA1:D8D0F01FBD6C0EBD69E68951E846915268B199E9
                                                            SHA-256:DCBE37332E05768D3A3F9E46686F4BEF18A4B9F4622BA9BC9F2BF0451092419B
                                                            SHA-512:A4EF6FC6D6A67A52E45EA7172E8CF0292B9EB803B2205231ACE4E2850E7E1CDF83659216D4750DD9DDB6FB0AA63FC6A5F9D55A6192E1D8E0176729A840DADA32
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Ruaj]].[[screenshot_plugin.copy]]=[[Kopjo]].[[screenshot_plugin.print]]=[[Printoje]].[[screenshot_plugin.fullscreen]]=[[Selektoni ekran t. plot.]].[[screenshot_plugin.clear]]=[[Pastro selektimin]].[[screenshot_plugin.cancel]]=[[Anulo]].[[screenshot_plugin.editonline]]=[[Redaktoni nj. prerje n. Internet]].[[screenshot_plugin.upload]]=[[Ngarko te prntscr.com]].[[screenshot_plugin.close]]=[[Mbylle]]..[[screenshot_plugin.share_googlesearch]]=[[K.rko imazhe t. ngjash.m n. Google]].[[screenshot_plugin.share_tineyesearch]]=[[K.rko Imazhe t. ngjashme n. Tineye]].[[screenshot_plugin.share_sendmail]]=[[D.rgo me Email]].[[screenshot_plugin.share_twitter]]=[[Shp.rndaje n. Twitter]].[[screenshot_plugin.share_facebook]]=[[Shp.rndaje n. Facebook]].[[screenshot_plugin.share_vk]]=[[Shp.rndaje n. VK]].[[screenshot_plugin.share_pinterest]]=[[Shp.rndaje n. Pinterest]].[[screenshot_plugin.share]]=[[Shp.rndaje n. Rrjetet Sociale]]..[[screenshot_plugin.in
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):5991
                                                            Entropy (8bit):5.132534694916237
                                                            Encrypted:false
                                                            SSDEEP:96:eJScXTmxKGH+EOs69U8sh6wx3KRKSPRoEo2foFTNMwx3KRNjo1fEAjrxWyyH0nTw:0RD/sh6h9RbhQEJd
                                                            MD5:B59655503491EDE3F4E384D1CD1D4B92
                                                            SHA1:B7C97861BE859DD9B5CD4B5B6417E74072EB6389
                                                            SHA-256:5668F40DE78CFAC84078449DE88F628C49C126C43E14EB9E4F10A2CA689BDF85
                                                            SHA-512:423A6F639AE3071F436EB31C684196C620C88FCFFAEB2C1326E6974545BE2DEDB040167828E1527D1EEB268013EDFFED867E8655A25783CAFE4254031D7375D4
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[.......]].[[screenshot_plugin.fullscreen]]=[[....... ..... ..... ......]].[[screenshot_plugin.editonline]]=[[...... ..... ......]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_twitter]]=[[...... .. .......]].[[screenshot_plugin.share_facebook]]=[[...... .. ........]].[[screenshot_plugin.share_pinterest]]=[[...... .. ..........]].[[screenshot_plugin.share]]=[[...... .. .......... .......]]..[[screenshot_plugin.error_capt]]=[[......]]..[[screenshot_plugin.tooltip]]=[[...... ........]].[[screenshot_plugin.upload_failed_retry]]=[[..... .......... ...... ......?]]..[[screenshot_app.help]]=[[.....]].[[screenshot_app.exit]]=[[.....]].[[screenshot_app.copyright]]=[[%company% ... ..... .........]]..[[screenshotplugin_name]]=[[Lightshot (....
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (984)
                                                            Category:dropped
                                                            Size (bytes):10821
                                                            Entropy (8bit):4.994608224609736
                                                            Encrypted:false
                                                            SSDEEP:192:vDwRfRSjHqgB0esAvlJz6FVeYZxUb/kEAemIhk5INW:vmsN0esAd16iYHS/s1
                                                            MD5:6F6D725EF25A08411050A1B8B64971ED
                                                            SHA1:8931A4ADCC03DA6E792B27AE75D5A6B7F800628B
                                                            SHA-256:2C54125C6083783887B438DC2B503DE6C3396819EDF0A553446117E2D61E7316
                                                            SHA-512:20463FF7432B510BA1383342690E321607559F7D5C564E32FC4BD3F902BC6A4BE299F8FE21673FA99BA7F6C7B6FB9F31EA3355B7643EA8E4E5F0449448C801BE
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Snimi]].[[screenshot_plugin.copy]]=[[Kopiraj]].[[screenshot_plugin.print]]=[[Od.tampaj]].[[screenshot_plugin.fullscreen]]=[[Izaberi ceo ekran]].[[screenshot_plugin.clear]]=[[Obri.i selektovano]].[[screenshot_plugin.cancel]]=[[Otka.i]].[[screenshot_plugin.editonline]]=[[Izmeni sliku onlajn]].[[screenshot_plugin.upload]]=[[Otpremi na prntscr.com]].[[screenshot_plugin.close]]=[[Zatvori]]..[[screenshot_plugin.share_googlesearch]]=[[Pretra.i sli.ne fotografije na Google]].[[screenshot_plugin.share_tineyesearch]]=[[Pretra.i sli.ne fotografije na Tineye]].[[screenshot_plugin.share_sendmail]]=[[Po.alji elektronskom po.tom]].[[screenshot_plugin.share_twitter]]=[[Podeli na Twitter]].[[screenshot_plugin.share_facebook]]=[[Podeli na Facebook]].[[screenshot_plugin.share_vk]]=[[Deli na VK]].[[screenshot_plugin.share_pinterest]]=[[Deli na Pinterestu]].[[screenshot_plugin.share]]=[[Deli na socijalnim mre.ama]]..[[screenshot_plugin.incorrect_size]]=[[Pogre.na
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1028)
                                                            Category:dropped
                                                            Size (bytes):10799
                                                            Entropy (8bit):4.980991806531341
                                                            Encrypted:false
                                                            SSDEEP:192:ZqSedRpnb7KNlUO6EzmyqAJLvu5cuBIHpGLsLfEnQ8W49RpFEjJTv/4w1rrom:ZqSedRpnKXUO6EBqAp25cuGJGLtQ749+
                                                            MD5:9F1DC3AECD16265A7C7A6D6267FB5F98
                                                            SHA1:4EE8C5160CD707004482EFC73BD152B5A0D0C284
                                                            SHA-256:F6C24CF6BAE9777E1694B92C88AFBE77C99791AED35EB0FDA44F33287455C047
                                                            SHA-512:FA473916834B79E56BBA1548707383ABD4B1C82BEDD8187C167B59679AF8529D5A6D4C585C6FB18706DF2B76827E95E7BF9C37535BC36BACB6128B037A37C724
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Spara]].[[screenshot_plugin.copy]]=[[Kopiera]].[[screenshot_plugin.print]]=[[Skriv ut]].[[screenshot_plugin.fullscreen]]=[[V.lj fullsk.rm]].[[screenshot_plugin.clear]]=[[Rensa val]].[[screenshot_plugin.cancel]]=[[Avbryt]].[[screenshot_plugin.editonline]]=[[Redigera en shreenshot online]].[[screenshot_plugin.upload]]=[[Ladda ner till prntscr.com]].[[screenshot_plugin.close]]=[[St.ng]]..[[screenshot_plugin.share_googlesearch]]=[[S.k liknande bilder p. Google]].[[screenshot_plugin.share_tineyesearch]]=[[S.k liknande bilder p. Tineye]].[[screenshot_plugin.share_sendmail]]=[[Skicka via e-mejl]].[[screenshot_plugin.share_twitter]]=[[Dela p. Twitter]].[[screenshot_plugin.share_facebook]]=[[Dela p. Facebook]].[[screenshot_plugin.share_vk]]=[[Dela p. VK]].[[screenshot_plugin.share_pinterest]]=[[Dela p. Pinterest]].[[screenshot_plugin.share]]=[[Dela p. sociala n.tverk]]..[[screenshot_plugin.incorrect_size]]=[[Fel storlek]].[[screenshot_plugin.error_ca
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):4901
                                                            Entropy (8bit):5.025306265427669
                                                            Encrypted:false
                                                            SSDEEP:96:D3l5xtjCjfov3OxsC4hI4JmjFpob2H2mPt2se78UXUeP/5p8zbH8hMDkVoAHSAg:D3C3ebIjFpob2zPt2seQUXUeX5izbHUU
                                                            MD5:B120214A70252EA6E6676EF8ABC25F5C
                                                            SHA1:70D9579B75E377B2A28198BF107846EE936560FA
                                                            SHA-256:40946D5C72FDAEC7106FCB6E7F2114365988C76070A4D1E2C110721625E9406B
                                                            SHA-512:290E823F929A2E80AD4FF4F4648A4244468547A6DD128E117FD0300B21496E0E1B5FCFA3D1DB1D2B8E271DE45EB42A325954E2EBB5A4544EA4456CF97D6B22FF
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[......]].[[screenshot_plugin.copy]]=[[......]].[[screenshot_plugin.print]]=[[.....]].[[screenshot_plugin.fullscreen]]=[[..........]].[[screenshot_plugin.clear]]=[[....]].[[screenshot_plugin.cancel]]=[[......]].[[screenshot_plugin.editonline]]=[[...........]].[[screenshot_plugin.upload]]=[[............ prntscr.com]].[[screenshot_plugin.close]]=[[...]]..[[screenshot_plugin.share_googlesearch]]=[[...................... Google]].[[screenshot_plugin.share_tineyesearch]]=[[...................... Tineye]].[[screenshot_plugin.share_sendmail]]=[[....... Email]].[[screenshot_plugin.share_twitter]]=[[......... Twitter]].[[screenshot_plugin.share_facebook]]=[[......... Facebook]].[[screenshot_plugin.share_p
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (922)
                                                            Category:dropped
                                                            Size (bytes):11379
                                                            Entropy (8bit):5.149530343017641
                                                            Encrypted:false
                                                            SSDEEP:192:AyTbrYFD5R8pz0o/N8/71xMjuvMgyHZLTGKIJl:RrYFeQoODyiM/HZfvIn
                                                            MD5:A6A1B66FA9E552BF131CF58D1EC6D5E9
                                                            SHA1:F2971C40374259A63FDD0BECEF50AF7A2A4F738D
                                                            SHA-256:BDDA3AF25EE6A69886A3F6C83BBED160928A762EA3E4185F31EFC46FCF64D8F7
                                                            SHA-512:66D646C405EC4CF49753B0A6953B069565405A594BF0B21D00B85CE97081C7DE107F85760CC7F187BA90416978F7746C2BA75F63E6AD9B992B6764D2A862CA1E
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[Kaydet]].[[screenshot_plugin.copy]]=[[Kopyala]].[[screenshot_plugin.print]]=[[Yazd.r]].[[screenshot_plugin.fullscreen]]=[[T.m ekran. se.]].[[screenshot_plugin.clear]]=[[Se.imi Temizle]].[[screenshot_plugin.cancel]]=[[.ptal]].[[screenshot_plugin.editonline]]=[[Ekran G.r.nt.s.n. .evrimi.i d.zenle]].[[screenshot_plugin.upload]]=[[Prntscr.com'a y.kle]].[[screenshot_plugin.close]]=[[Kapat]]..[[screenshot_plugin.share_googlesearch]]=[[Google'da benzer g.rselleri ara]].[[screenshot_plugin.share_tineyesearch]]=[[Tineye'de benzer g.rselleri ara]].[[screenshot_plugin.share_sendmail]]=[[E-posta ile g.nder]].[[screenshot_plugin.share_twitter]]=[[Twitter'da payla.]].[[screenshot_plugin.share_facebook]]=[[Facebook'da payla.]].[[screenshot_plugin.share_vk]]=[[VK'da payla.]].[[screenshot_plugin.share_pinterest]]=[[Pinterest'de payla.]].[[screenshot_plugin.share]]=[[Sosyal a.larda payla.]]..[[screenshot_plugin.incorrect_size]]=[[Hatal. Boyut]].[[
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (910)
                                                            Category:dropped
                                                            Size (bytes):14023
                                                            Entropy (8bit):5.2569029518286685
                                                            Encrypted:false
                                                            SSDEEP:192:geUC7QmKuL28T5kKasZCMFe5b95X95pZ0mokUzrwgVzVnvDcJVIoEV3w9+2GDTYB:WlwlkK1kse5b95X95YOCfcvyg
                                                            MD5:27C710C7C361A9B94703BD1C4C717522
                                                            SHA1:231EE42EFC2BC4055DE6AADD275CA83CB2562839
                                                            SHA-256:627D3F4BB34F3F5AC2BAAAED82FBE80B3739C58D2F710BCBBD11DDBA85BB14BF
                                                            SHA-512:1CAA0C3FFBDB42577D27C0090E98B39E925BF711A0814E52E943003D06E8BD00493318A7B1D27B11C66847091EF64BB102BEB669C3D999535F258700ADC268DB
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[........]].[[screenshot_plugin.copy]]=[[.........]].[[screenshot_plugin.print]]=[[.........]].[[screenshot_plugin.fullscreen]]=[[........ .... .....]].[[screenshot_plugin.clear]]=[[........]].[[screenshot_plugin.cancel]]=[[.........]].[[screenshot_plugin.editonline]]=[[..........]].[[screenshot_plugin.upload]]=[[........... .. ...... prntscr.com]].[[screenshot_plugin.close]]=[[.......]]..[[screenshot_plugin.share_googlesearch]]=[[...... ..... .......... . Google]].[[screenshot_plugin.share_tineyesearch]]=[[...... ..... .......... . Tineye]].[[screenshot_plugin.share_sendmail]]=[[......... .. email]].[[screenshot_plugin.share_twitter]]=[[.......... . Twitter]].[[screenshot_plugin.share_facebook]]=[[.......... .. Facebook]].[[screenshot_plugin.share_vk]]=[[.......... . VK]].
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (958)
                                                            Category:dropped
                                                            Size (bytes):11265
                                                            Entropy (8bit):5.379695241539821
                                                            Encrypted:false
                                                            SSDEEP:192:SE5vQkbk3X9ipa+ZDjM/vwr7b9a6vZOQjdFE+dXvEVsIqLXRNe8S2TmorJi:/vNp3pM/v6kQjVnLhNeF2T5rk
                                                            MD5:9EF4A08C21E1448BED2D3DCF8AE3B922
                                                            SHA1:F2209C45F7DCA7BC1FA60E454E9C8C52AB570DFA
                                                            SHA-256:9C1DEFA92587EC92A09B098745ECCAA5B8F7197FA154A41A74C663F62C532C21
                                                            SHA-512:45F03E9A8CCB794D0EA8264EAAA3237E1FA37A086EB23BD2214EE6EB22E948A3A4706031CE3F9E6A1508F45C05C327A9A610D1748901899FB44FCC62B1EA0980
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..... ....]].[[screenshot_plugin.copy]]=[[... ....]].[[screenshot_plugin.print]]=[[.... ....]].[[screenshot_plugin.fullscreen]]=[[.... .... .... .. ...... ....]].[[screenshot_plugin.clear]]=[[...... ..... ....]].[[screenshot_plugin.cancel]]=[[..... ....]].[[screenshot_plugin.editonline]]=[[.... .... ... ... ..... ....]].[[screenshot_plugin.upload]]=[[.. ..... .... prntscr.com]].[[screenshot_plugin.close]]=[[... ....]]..[[screenshot_plugin.share_googlesearch]]=[[.... .. .... .... ...... .. .... ....]].[[screenshot_plugin.share_tineyesearch]]=[[.. .... .... ...... .. .... .... Tineye]].[[screenshot_plugin.share_sendmail]]=[[...... .. ... ..... ....]].[[screenshot_plugin.share_twitter]]=[[..... .. ..... ....]].[[screenshot_plugin.share_facebook]]=[[...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1062)
                                                            Category:dropped
                                                            Size (bytes):11480
                                                            Entropy (8bit):5.419848029758379
                                                            Encrypted:false
                                                            SSDEEP:192:bjogec0IQlM11nlmVeq/HOO5m+0rVKXIkrGePxn:PpL11nk/HhV0rAX97Px
                                                            MD5:1519DB2C13A378136674B71398DFAA6D
                                                            SHA1:B601FD64338E54DCEE5A2365BBE520ECFACE43F0
                                                            SHA-256:C9730104D6D2F66DA4419D9D7C8CC64A3A839DFA06AC88E42DDEE58AE3B170D2
                                                            SHA-512:8CE125AC27B86C95F7EADECBADA1652C897794EC9CAFFFFED451F36B87BDE85077C65FBA99085FADFB0AFD5BDC08D60077F71C253545D86143055CDA0FF41BD3
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[L.u]].[[screenshot_plugin.copy]]=[[Sao ch.p]].[[screenshot_plugin.print]]=[[In]].[[screenshot_plugin.fullscreen]]=[[Ch.n to.n m.n h.nh]].[[screenshot_plugin.clear]]=[[X.a v.ng ch.n]].[[screenshot_plugin.cancel]]=[[H.y b.]].[[screenshot_plugin.editonline]]=[[Ch.nh s.a .nh ch.p m.n h.nh tr.c tuy.n]].[[screenshot_plugin.upload]]=[[T.i l.n prntscr.com]].[[screenshot_plugin.close]]=[[..ng]]..[[screenshot_plugin.share_googlesearch]]=[[T.m ki.m .nh t..ng t. tr.n Google]].[[screenshot_plugin.share_tineyesearch]]=[[T.m ki.m .nh t..ng t. tr.n Tineye]].[[screenshot_plugin.share_sendmail]]=[[G.i qua email]].[[screenshot_plugin.share_twitter]]=[[Chia s. l.n Twitter]].[[screenshot_plugin.share_facebook]]=[[Chia s. l.n Facebook]].[[screenshot_plugin.share_vk]]=[[Chia s. l.n VK]].[[screenshot_plugin.share_pinterest]]=[[Chia s. l.n m.ng x. h.i Pinterest]].[[screenshot_plugin.share]]=[[Chia s. l.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (628)
                                                            Category:dropped
                                                            Size (bytes):9937
                                                            Entropy (8bit):6.105361124203797
                                                            Encrypted:false
                                                            SSDEEP:192:4UtpV4BB0ufTy1A+XJRps1w3yUAa5B1Hsn:4UtpVKB0uryJXpI8h4
                                                            MD5:FACF10F05E9598E2F8254CEAE56E3E0C
                                                            SHA1:0D7198F03B9837D98F63F937DD8A16421861DB8A
                                                            SHA-256:8BBEA3318E2843DBFAB7A2BE7E0BC378E5A196720514A45F2EB535FA8FF5CE46
                                                            SHA-512:6DC937ED6209A68CF0039674B0A20975A7CB87035BCCA5301238F99EEF3CE20F965F0B5F78F2BD7538E5BDA6D0C7FBDB2F2B38C23B6E64DAE32D075A3DC49682
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..]].[[screenshot_plugin.copy]]=[[..]].[[screenshot_plugin.print]]=[[..]].[[screenshot_plugin.fullscreen]]=[[.....]].[[screenshot_plugin.clear]]=[[..]].[[screenshot_plugin.cancel]]=[[..]].[[screenshot_plugin.editonline]]=[[......]].[[screenshot_plugin.upload]]=[[... prntscr.com]].[[screenshot_plugin.close]]=[[..]]..[[screenshot_plugin.share_googlesearch]]=[[. Google ......]].[[screenshot_plugin.share_tineyesearch]]=[[. Tineye ......]].[[screenshot_plugin.share_sendmail]]=[[.. email ..]].[[screenshot_plugin.share_twitter]]=[[.. Twitter ..]].[[screenshot_plugin.share_facebook]]=[[.. Facebook ..]].[[screenshot_plugin.share_vk]]=[[.. VK ..]].[[screenshot_plugin.share_pinterest]]=[[. Pinterest ..]].[[screenshot_plugin.share]]=[[..]]..[[screenshot_plugin.incorrect_size]]=[[....]].[[screenshot_plugin.error_capt]]=[[..]]..[[screen
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Unicode text, UTF-8 (with BOM) text
                                                            Category:dropped
                                                            Size (bytes):5927
                                                            Entropy (8bit):5.877550510084327
                                                            Encrypted:false
                                                            SSDEEP:96:sK9AfpSAWctdLxXmj3ouAKNzrl4MpBKclseHxaPFa6BEbGH:y4+BwrlBBRWPFDBEbGH
                                                            MD5:E57F6619FF7B09B3D7038553A3D24E0F
                                                            SHA1:79B1EAA08F83B9C9145791CE61CA2AFED470F2E0
                                                            SHA-256:05D69F78C57FE818645EAB63DD3CB51C0C51EBAF30B5C0556701D0B72547F4F0
                                                            SHA-512:14F1E21331A95C1663F43BB7FC80CE2AE4F13FC1D0A15F1DA5AF1B1831DD96A753AF56EB3FFD61D0EC73CABBB85ED72DB103587A3CC45A99ED0458D30CC7DC07
                                                            Malicious:false
                                                            Preview:.[[screenshot_plugin.save]]=[[..]].[[screenshot_plugin.copy]]=[[..]].[[screenshot_plugin.print]]=[[..]].[[screenshot_plugin.fullscreen]]=[[.....]].[[screenshot_plugin.clear]]=[[..]].[[screenshot_plugin.cancel]]=[[..]].[[screenshot_plugin.editonline]]=[[......]].[[screenshot_plugin.upload]]=[[... prntscr.com]].[[screenshot_plugin.close]]=[[..]]..[[screenshot_plugin.share_googlesearch]]=[[.Google......]].[[screenshot_plugin.share_tineyesearch]]=[[.Tineye......]].[[screenshot_plugin.share_sendmail]]=[[........]].[[screenshot_plugin.share_twitter]]=[[..Twitter..]].[[screenshot_plugin.share_facebook]]=[[..Facebook..]].[[screenshot_plugin.share]]=[[........]]..[[screenshot_plugin.incorrect_size]]=[[.....]].[[screenshot_plugin.error_capt]]=[[..]]..[[screenshot_plugin.tooltip]]=[[....]].[[screenshot_plugin.open]]=[[..]].[[screenshot_plugin.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):532904
                                                            Entropy (8bit):6.677919829499898
                                                            Encrypted:false
                                                            SSDEEP:12288:gPHfYd2RN8oXzSLOah1DObBVVEXMlworR2vbbc1pb1A30l0Va9e3A:gPHgbSpSUsvuVu3se3A
                                                            MD5:E68D7EAD1C2F5970541346AC8CB6F4FB
                                                            SHA1:F0E737DBF948141CF2499B0AA75C4774EF4CE2B7
                                                            SHA-256:45B2C27A4345D789287539DD82C9F85AC9324D01825F6E2E0C2CDD4C4172C038
                                                            SHA-512:11703B51D4DC40ED8EF0E502662055127D2A1C34E0FA09C204CEEFEE3DB6E7C567F519526E7794801AB7CB921BF29CC10E67C3C34426D2B1797080B52C748B4D
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):220584
                                                            Entropy (8bit):6.536382959641074
                                                            Encrypted:false
                                                            SSDEEP:6144:AZpCXaiKWyj0I5q7Izq9Dd0gwjeNnQiaHv:9XaiKl4I5q7w2Dd0PjfLP
                                                            MD5:08CF9E363D79C9379CABD75382131315
                                                            SHA1:22CE1F3506FC46976F2D5DCC5A5735CE8EDE63BF
                                                            SHA-256:037EE2F3243918FFFA71B9E3FE0541245F75F89ABCAC0CCF2EA6A57020DDAAD7
                                                            SHA-512:CAB0C8A5B8596054315C69F1FF858DA1FAD89EA1E3C28D4C90411C293B6B40438E2BE67E029A51279637F2704E30903D0D4751E31FA1D1B2AF0393AF90C8907B
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):226728
                                                            Entropy (8bit):5.660598930817928
                                                            Encrypted:false
                                                            SSDEEP:3072:pqhd3Nc9EDsF2slLsvrD59WYcwIFU9OImpVYe3d3RIj/l8T:Od3NcWDY2slLsT/WYcwIe9DkL3pRwY
                                                            MD5:62EB961457DF016FA3949E9601A1A845
                                                            SHA1:0C0A5FA4F6CB9E18C0E3431D5E1BF45FD2E05352
                                                            SHA-256:8D4C4BCF7D7AEDF0480E3EAAC52138E63724AE83C419DE8A98D6AB32D1C93645
                                                            SHA-512:FB4FCB6A3F5B7A3EB35A1689A0D15E3D8F9F520180D6CC57857B90B8AF3D576DA179C30C18019DA5500F58D6F86C07645090E0C75ACCBD87257E1B73D291AE81
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (317), with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):362
                                                            Entropy (8bit):5.086206319938175
                                                            Encrypted:false
                                                            SSDEEP:6:JiMVBd/hd+hnLbGRQ52OYKMLHi52OYKAVsA3/IhUaPfMPOIPQxwHWMWEk/9//9R0:MMHdkR2NHa2PIG0fMPOOQxw2yMBz0
                                                            MD5:105B94BB4070848B67CC3C23AB32AFBF
                                                            SHA1:4FF607984309DD4B9C0EBC03A610D0022FD565C2
                                                            SHA-256:F2CBF4E10F5F71841842C75AB97D2DC59A902A095E4AB54A25AD692C1D3AA1F0
                                                            SHA-512:9007822BB83F56518570A8ACB3B42A1EC79BE26FC0DABC22EC40F569A725CBB4BFF9B0801EC5E51AF8753BCE54474107582B72FC8F37E8E305E22255A0793041
                                                            Malicious:false
                                                            Preview:.<?xml version="1.0" encoding="UTF-8"?>..<product intname="lightshot" productdir="C:\Program Files (x86)\Skillbrains\lightshot" uninstall="C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe" friendlyname="Lightshot" updateurl="http://updater.prntscr.com/getver/lightshot" version="5.5.0.7" needadmin="no" ><unistallactions></unistallactions></product>..
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1558952
                                                            Entropy (8bit):6.277445125803931
                                                            Encrypted:false
                                                            SSDEEP:24576:2nbbPImgK4brDi4IxgRqzwqNb+Yz73P2EMZbG0JEtV5Gqx9fh:8HeKh4nqzF3PYdStVRz
                                                            MD5:C6BFFD4DA620B07CB214F1BD8E7F21D2
                                                            SHA1:054221DC0C8A686E0D17EDD6E02C06458B1395C3
                                                            SHA-256:55DBB288D5DF6DF375487BAE50661DBF530FD43A7E96017B7183A54DB8FC376A
                                                            SHA-512:91E50DF87A6E42B01E24ACCEAD25726047A641C3960FA3336F560168ED68356E6992D289A0A71B629D74AD7B00BBDBF7E6E909A4C8B5B1616FBF3B0CC63210AB
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):226728
                                                            Entropy (8bit):5.660598930817928
                                                            Encrypted:false
                                                            SSDEEP:3072:pqhd3Nc9EDsF2slLsvrD59WYcwIFU9OImpVYe3d3RIj/l8T:Od3NcWDY2slLsT/WYcwIe9DkL3pRwY
                                                            MD5:62EB961457DF016FA3949E9601A1A845
                                                            SHA1:0C0A5FA4F6CB9E18C0E3431D5E1BF45FD2E05352
                                                            SHA-256:8D4C4BCF7D7AEDF0480E3EAAC52138E63724AE83C419DE8A98D6AB32D1C93645
                                                            SHA-512:FB4FCB6A3F5B7A3EB35A1689A0D15E3D8F9F520180D6CC57857B90B8AF3D576DA179C30C18019DA5500F58D6F86C07645090E0C75ACCBD87257E1B73D291AE81
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:InnoSetup Log lightshot {30A5B3C9-2084-4063-A32A-628A98DE512B}, version 0x418, 53204 bytes, 045012\37\user\376, C:\Program Files (x86)\Skillbrains\lightsh
                                                            Category:dropped
                                                            Size (bytes):53204
                                                            Entropy (8bit):4.0126314304876
                                                            Encrypted:false
                                                            SSDEEP:384:FlNq5gheelm6Vo3HxRsrmORjf9I8g2X+lR3P8RbI1B29SnbPWqbRORkeEwHeY:rOgtVY7c9I8g2k8RbH9SnbdbROGY
                                                            MD5:1EE338563C5D52892CA7C6C606BA9178
                                                            SHA1:CCF68279D2966A4E6C3EEC253D713EBDE3960BE5
                                                            SHA-256:2F5FA2F20C02772631E82745FEC537628FE8350C5DF57AE31DAF5A569AA9B2CA
                                                            SHA-512:696888F52C3410E9A00548483EB3A5478265CBF56643C2CA90E53FBC763D29B08D5BE2242BE2C8C8A594D6DC6905D5B8BB3579323D0CCCA0F32E5954C5C9BF41
                                                            Malicious:false
                                                            Preview:Inno Setup Uninstall Log (b)....................................{30A5B3C9-2084-4063-A32A-628A98DE512B}..........................................................................................lightshot...........................................................................................................................M.......%................................................................................................................"l...........~I...............0.4.5.0.1.2......j.o.n.e.s......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.k.i.l.l.b.r.a.i.n.s.\.l.i.g.h.t.s.h.o.t....................... ...........t..IFPS....=...............................................................................................................................................................BOOLEAN..............TWIZARDPAGE....TWIZARDPAGE.........TRADIOBUTTON....TRADIOBUTTON.........TCHECKBOX....TCHECKBOX.........TBITMAPIMAGE....TBITMAPIMAGE.........TPANEL....TPANEL.........TWINCONTROL...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1558952
                                                            Entropy (8bit):6.277445125803931
                                                            Encrypted:false
                                                            SSDEEP:24576:2nbbPImgK4brDi4IxgRqzwqNb+Yz73P2EMZbG0JEtV5Gqx9fh:8HeKh4nqzF3PYdStVRz
                                                            MD5:C6BFFD4DA620B07CB214F1BD8E7F21D2
                                                            SHA1:054221DC0C8A686E0D17EDD6E02C06458B1395C3
                                                            SHA-256:55DBB288D5DF6DF375487BAE50661DBF530FD43A7E96017B7183A54DB8FC376A
                                                            SHA-512:91E50DF87A6E42B01E24ACCEAD25726047A641C3960FA3336F560168ED68356E6992D289A0A71B629D74AD7B00BBDBF7E6E909A4C8B5B1616FBF3B0CC63210AB
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                            Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Rm"[.............................%.......0....@..........................p......X.....@......@..............................@8...@...'...................................................0.......................................................text............................... ..`.itext.............................. ..`.data....0...0...2..................@....bss.....a...p.......L...................idata..@8.......:...L..............@....tls....<.... ...........................rdata.......0......................@..@.rsrc....'...@...(..................@..@....................................@..@........................................................................................................................................
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &About Setup...
                                                            Category:dropped
                                                            Size (bytes):22709
                                                            Entropy (8bit):3.2704486925356004
                                                            Encrypted:false
                                                            SSDEEP:192:Q41EjXgkg3Sqf8sfr69FT0AKanzLYfMa1tzvL7Vzo+Fc51USQDztXfbKJUfvo:Q41Elvqf9r6fKVfMmRo+y1USQDztP3o
                                                            MD5:79173DA528082489A43F39CF200A7647
                                                            SHA1:AA253B477CE2BF9D886D07694CD5DDB7C7FE9EEC
                                                            SHA-256:4F36E6BE09CD12E825C2A12AB33544744E7256C9094D7149258EA926705E8FFD
                                                            SHA-512:C46EB9DD3D03A993FDC4F65AE2751ECFDCB1FB6E1FB69A119105FD40290CE5EC4427B04F813EED47415390689943D05B5432D4571B1ACA0CE37EE52391790D18
                                                            Malicious:false
                                                            Preview:Inno Setup Messages (5.5.3) (u).....................................hX..........&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s... .A.f.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/learnmore.html>), ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):63
                                                            Entropy (8bit):4.389357701002968
                                                            Encrypted:false
                                                            SSDEEP:3:HRAbABGQYm/iZ7YWCGovn:HRYFVm/a7YZ/v
                                                            MD5:A18474414D2875A390A552C146BB89BA
                                                            SHA1:E63C72D365FCCBAA8F5888DF915F6FD2F244509E
                                                            SHA-256:B1BCCD9FCCD63A00DDB83CAD3DB8BA5C6672CF050E982FE07E0D87E94464B94F
                                                            SHA-512:E6FD5A2D6D496E1FBDF3D3ED6C7D9CBA0A2DCD32F1243F0DA54D36AB86B9C6DAA94820A793CCA62BFB7032BA84E800541ACCCBF7725BD1AB97193789356A6761
                                                            Malicious:false
                                                            Preview:[InternetShortcut]..URL=http://app.prntscr.com/learnmore.html..
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Sep 27 05:30:15 2024, mtime=Fri Sep 27 05:30:15 2024, atime=Mon Jul 22 02:21:52 2019, length=226728, window=hide
                                                            Category:dropped
                                                            Size (bytes):1266
                                                            Entropy (8bit):4.626612586570137
                                                            Encrypted:false
                                                            SSDEEP:24:8mfxxLEDXkdOE39DG0qAdNldmAlydmsUUE/qyFm:8mfxxoDXkdOkFZdNldjlydkUyF
                                                            MD5:98EAC6E850340D9A0B9AD8DE2648CA46
                                                            SHA1:D9821D0AF736B42869BD3732600F4E2119068A79
                                                            SHA-256:00A12539A5908C57508FE12B7C4C4EB6E2DE9E596CE9178D3941DCD17BE8C22D
                                                            SHA-512:83FD233AEB9D3DDC7AA4A7D70B62FE52E1F46C6FDFF0E0C26DDB6EE2ABDB99C37FFB7FB5FF6626554FA4C2F2AF658A1EE53440019A026522C4052C76167E8CEB
                                                            Malicious:false
                                                            Preview:L..................F.... ............ .......H..<@...u...........................P.O. .:i.....+00.../C:\.....................1.....;Y.3..PROGRA~2.........O.I;Y.3....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....`.1.....;Y.3..SKILLB~1..H......;Y.3;Y.3..............................S.k.i.l.l.b.r.a.i.n.s.....\.1.....;Y.3..LIGHTS~1..D......;Y.3;Y.3..............................l.i.g.h.t.s.h.o.t.....h.2..u...N.. .LIGHTS~1.EXE..L......;Y.3;Y.3..............................L.i.g.h.t.s.h.o.t...e.x.e.......i...............-.......h............{......C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe..I.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.k.i.l.l.b.r.a.i.n.s.\.l.i.g.h.t.s.h.o.t.\.L.i.g.h.t.s.h.o.t...e.x.e.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.k.i.l.l.b.r.a.i.n.s.\.l.i.g.h.t.s.h.o.t.........*................@Z|...K.J.........`.......X.......045012...........hT..CrF.f4.
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/about-gallery.html>), ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):67
                                                            Entropy (8bit):4.589477951548982
                                                            Encrypted:false
                                                            SSDEEP:3:HRAbABGQYm/iZ7DLOWIYn:HRYFVm/a7DLOPY
                                                            MD5:62F8B30CED0855922531B97CC59B0C0B
                                                            SHA1:9BF321E4EC809FDDAAA178B721DE35F1C8EDC9EA
                                                            SHA-256:CC30D9069BA066C29A05269A2EC3593A5E904C445D1DB050692B4284F7E54C56
                                                            SHA-512:E78642F9FCBB02A37CC53DDAF1636E49ADA2DB8D61011AAC9B9709FCBF288D6D68226179BF67A444B7BD2543FDA028D0116CC65BAA5302D29024D53D65F562C2
                                                            Malicious:false
                                                            Preview:[InternetShortcut]..URL=http://app.prntscr.com/about-gallery.html..
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Sep 27 05:30:14 2024, mtime=Fri Sep 27 05:30:14 2024, atime=Fri Sep 27 05:30:00 2024, length=1558952, window=hide
                                                            Category:dropped
                                                            Size (bytes):1261
                                                            Entropy (8bit):4.661223873865054
                                                            Encrypted:false
                                                            SSDEEP:24:8mJx/vOESdOE3kDMkA8NNdmiBdmsUUECTIqyFm:8mr/JSdO9Iz8NNdbBdkoTRyF
                                                            MD5:8E3C2648BF01A822CD19283B2BC5CAEE
                                                            SHA1:9802548D0B39DC08529282C56283588BFBE48EEB
                                                            SHA-256:982815B6D8F400E790E6102F788FE877B5A2AF9260E7E5C621C1A1FA476C0A94
                                                            SHA-512:7B2C5D640E1F09DAAFC81CCF41789ED03F746D3A3DB2AA371BB485DE6E2822F06BF2DC02883587072F52FD3EC1FCAFF088433CB81A1C93174647B2FCBA5D8691
                                                            Malicious:false
                                                            Preview:L..................F.... ....wU......\..........................................P.O. .:i.....+00.../C:\.....................1.....;Y.3..PROGRA~2.........O.I;Y.3....................V.....].Y.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....`.1.....;Y.3..SKILLB~1..H......;Y.3;Y.3..............................S.k.i.l.l.b.r.a.i.n.s.....\.1.....;Y.3..LIGHTS~1..D......;Y.3;Y.3..............................l.i.g.h.t.s.h.o.t.....f.2.....;Y.3 .unins000.exe..J......;Y.3;Y.3....Q.....................g.&.u.n.i.n.s.0.0.0...e.x.e.......h...............-.......g............{......C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe..H.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.k.i.l.l.b.r.a.i.n.s.\.l.i.g.h.t.s.h.o.t.\.u.n.i.n.s.0.0.0...e.x.e.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.k.i.l.l.b.r.a.i.n.s.\.l.i.g.h.t.s.h.o.t.........*................@Z|...K.J.........`.......X.......045012...........hT..CrF.f4... .E
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:GIF image data, version 89a, 1 x 1
                                                            Category:dropped
                                                            Size (bytes):43
                                                            Entropy (8bit):2.7374910194847146
                                                            Encrypted:false
                                                            SSDEEP:3:CU9yltxlHh/:m/
                                                            MD5:DF3E567D6F16D040326C7A0EA29A4F41
                                                            SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
                                                            SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
                                                            SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
                                                            Malicious:false
                                                            Preview:GIF89a.............!.......,...........D..;
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:GIF image data, version 89a, 1 x 1
                                                            Category:dropped
                                                            Size (bytes):35
                                                            Entropy (8bit):2.9889227488523016
                                                            Encrypted:false
                                                            SSDEEP:3:CUdrllHh/:HJ/
                                                            MD5:28D6814F309EA289F847C69CF91194C6
                                                            SHA1:0F4E929DD5BB2564F7AB9C76338E04E292A42ACE
                                                            SHA-256:8337212354871836E6763A41E615916C89BAC5B3F1F0ADF60BA43C7C806E1015
                                                            SHA-512:1D68B92E8D822FE82DC7563EDD7B37F3418A02A89F1A9F0454CCA664C2FC2565235E0D85540FF9BE0B20175BE3F5B7B4EAE1175067465D5CCA13486AAB4C582C
                                                            Malicious:false
                                                            Preview:GIF89a.............,...........D..;
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:XML 1.0 document, ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):181
                                                            Entropy (8bit):4.810979349845885
                                                            Encrypted:false
                                                            SSDEEP:3:vFWWMNCmXyKgCC6buVBERrLEIgkuyWQCuXCsVOXKvHiLQRAtRdbJBNWVIQrEsLh9:TM3i0bK4sIgOjS6OXGiUaPhWVvhWdnoT
                                                            MD5:AE4F7437A2DFEE6B87F2A6A011CC6625
                                                            SHA1:2FFF75CD2DE536DCC1CE139F376A4DC6A1D5409E
                                                            SHA-256:EBE25600D44F1F798ADA4B3B62001FD96D7A5E466125484568C3241508BF46C6
                                                            SHA-512:E5208E420819E7F4817650A8D16662B4D646978097CE825757D29B397DCCDE738A13527CF9FE249E3E49749C31F5A1010DA3751FBC84D54AA4D80DA66D5D2FC5
                                                            Malicious:false
                                                            Preview:<?xml version='1.0' encoding='UTF-8'?><update intname='updater' version='1.8.0.0' installerurl='http://updater.prntscr.com/builds/setup-updater-1.8.0.0.exe' whatsnewurl=''></update>
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:GIF image data, version 89a, 1 x 1
                                                            Category:dropped
                                                            Size (bytes):35
                                                            Entropy (8bit):2.9889227488523016
                                                            Encrypted:false
                                                            SSDEEP:3:CUdrllHh/:HJ/
                                                            MD5:28D6814F309EA289F847C69CF91194C6
                                                            SHA1:0F4E929DD5BB2564F7AB9C76338E04E292A42ACE
                                                            SHA-256:8337212354871836E6763A41E615916C89BAC5B3F1F0ADF60BA43C7C806E1015
                                                            SHA-512:1D68B92E8D822FE82DC7563EDD7B37F3418A02A89F1A9F0454CCA664C2FC2565235E0D85540FF9BE0B20175BE3F5B7B4EAE1175067465D5CCA13486AAB4C582C
                                                            Malicious:false
                                                            Preview:GIF89a.............,...........D..;
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:XML 1.0 document, ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):185
                                                            Entropy (8bit):4.889037526217217
                                                            Encrypted:false
                                                            SSDEEP:3:vFWWMNCmXyKgCC6buVBERrLEIg74KMKCVSvVOXKvHiLQRAtRdbJBNWVIJ6KfLHk+:TM3i0bK4sIgYONOXGiUaPhWV0ZH7tSF2
                                                            MD5:0BEB334749803CE5B1E17FCE0F7ED4B6
                                                            SHA1:02BD2F210DEAE179A081B3D3DDBB1B641CE442F5
                                                            SHA-256:FEFACAB141D3FAC3A40C42AAAAD1ED80CD74D2B40B434F45364797FC50FEB322
                                                            SHA-512:46015346930D2D8948D1CD2E6835C64DEEC3D485209D8F674CA826FC5B845832C086ABF5870FF59B4D33FA4B1CFCC360D23658015F2D89BF85EAC7782EC08B59
                                                            Malicious:false
                                                            Preview:<?xml version='1.0' encoding='UTF-8'?><update intname='lightshot' version='5.5.0.7' installerurl='http://updater.prntscr.com/builds/setup-lightshot-5.5.0.7.exe' whatsnewurl=''></update>
                                                            Process:C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1184920
                                                            Entropy (8bit):6.403474738324362
                                                            Encrypted:false
                                                            SSDEEP:24576:6tdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5ZTx928:yqTytRFk6ek1fL
                                                            MD5:3613E29D2A7B90C1012EC676819CC1CD
                                                            SHA1:A18F7AB9710EEFA0678981B0BE9A429DC6F98D28
                                                            SHA-256:FB5761640BB6D375345B780DF0F1811F6AE6A1DDEAE7C948299379F8BCA822C8
                                                            SHA-512:837F3AEDCFD81CFC0FCEBC9E135F72A55C0CAC10860CA78D57CD910D6F039AFD500BBBFF1481637F21912E5EACBDBEBFDC3A3BB8133DB2CB37F444EF87E6347B
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                            Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W............................l........ ....@.......................................@......@..............................@8...0..@.................................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc...@....0.......l..............@..@....................................@..@........................................................................................................................................
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):6144
                                                            Entropy (8bit):4.720366600008286
                                                            Encrypted:false
                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
                                                            Category:dropped
                                                            Size (bytes):44434
                                                            Entropy (8bit):5.055502439168761
                                                            Encrypted:false
                                                            SSDEEP:384:Q8F4XeTZqx1hQYcgGGSM5U5hG5dVMO7fjle3zen1rCE2milny9mjj:Q8F4XOvhG5dVflCKr9mjj
                                                            MD5:5FBA621DDF04202D3E710EC5DAA249D3
                                                            SHA1:A5F387D431D5013779D57F76F46539D9086EC824
                                                            SHA-256:09324F2C5BE810B8362FEF56B88297FECCC535C074CD093C6F2115C03BC62577
                                                            SHA-512:E35445576768557984779D95F446FE564F038D16E2BCF4B66685DBC9452559BED984E625E45A05C7A5944729B90526E7500C7DE44E66EEE4E2BEE1AEF636BD52
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
                                                            Category:dropped
                                                            Size (bytes):44258
                                                            Entropy (8bit):5.053517583827171
                                                            Encrypted:false
                                                            SSDEEP:384:Q8FqXeTZqx1hQYcgGGSM5U5hGh7/Pfjle3zen1rCE2milny9mjG:Q8FqXOvhGh7/xlCKr9mjG
                                                            MD5:0817D3433357D14D8348C18ABA8A79F0
                                                            SHA1:BADC52324052DB9AF338148005C0D78BE518C40A
                                                            SHA-256:0019007478955A4C1388D35B30F8749EF999C5C94050E6FD02762DC2EEA67DE5
                                                            SHA-512:99475B43980E4BC8A7C9433E9DE839F07463763BAD5457075D84C6424A8FA7D5E1EE7DFD6858E4515779AA7AC0C3BD428F483A10B35C722CDC6AE3B8BA848C75
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
                                                            Category:dropped
                                                            Size (bytes):43742
                                                            Entropy (8bit):5.040429235391265
                                                            Encrypted:false
                                                            SSDEEP:384:2y0XFGpdO6iyGGS9RMOB6Ko84rfjleYjhcA5xBHpny9Yl:2y0XPB6Ku7h/69Yl
                                                            MD5:588112797EA16A0C50DE14B89FDDE4FF
                                                            SHA1:E2C6D28D02D7DBEE5358C46ACB54A5782A0E068C
                                                            SHA-256:3CEFAA1EDB534A98F07C0353222D25076656DA804175DA42733E4B30B4144330
                                                            SHA-512:88E3E37029B9CD0DE06F3BC484F49A1BBAAE395DAC7A4A05D77803C1154BFCC00571D720A04C7DD7210B1C2DB2F019F330778403A266BD33E71F35B941798227
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                            Category:dropped
                                                            Size (bytes):502
                                                            Entropy (8bit):5.121102758665705
                                                            Encrypted:false
                                                            SSDEEP:12:5hFDm+6+floimjf1I0BPeM1Ai0IIxIKpVh4xqv92:5i+6+eJf1I0BV1ArIzwC42
                                                            MD5:7F0BD956E453C25C8EF118C07DE27651
                                                            SHA1:F8A076AC8A5CD1287E7399C613D786F5780FFD8F
                                                            SHA-256:7B6814D66EAADA437CC705757E546D0BB5431E74F24849EADE487F6676D866C5
                                                            SHA-512:A6C01CEDF4295FAEB019B24C0A78FF3EE58F227836554CDC8A632A1DA3D54043365C930558C124B3051AD3F2804C89EBD9A6622909E73FC76F7A1F56C1861E4D
                                                            Malicious:false
                                                            Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}{\f1\fnil\fcharset162 Segoe UI;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\sl240\slmult1\lang1033\f0\fs18 Yandex.Browser'\f1\'fd kurarak \f0{\field{\*\fldinst{HYPERLINK "http://legal.yandex.com.tr/browser_agreement/"}}{\fldrslt{\cf1\ul\f1 lisans s\'f6zle\'femesinin\f1 }}}\cf0\ulnone\f0\fs18 \f1 ko\'feullar\'fdn\'fd kabul etmi\'fe say\'fdl\'fdyorsunuz.\f0 \par..}...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                            Category:dropped
                                                            Size (bytes):2335
                                                            Entropy (8bit):4.228984227926747
                                                            Encrypted:false
                                                            SSDEEP:48:5pJf5UcPF/4wLw21jpBqUR3Qh8kbMSBlSr9txUum8UOwSs2:5Hf5UcPF/4wLw21jp4UR3MvMSrSr9tiY
                                                            MD5:0E5C451F9C309D96BEF2023350788316
                                                            SHA1:314D4BE7BB90B9519737687DA5FA74358E22D029
                                                            SHA-256:BAC74855DCE2ED5EAAF919B948913E596D813E3A93DA793F3B39B9A611DB2482
                                                            SHA-512:54CE5A65406F0440978BBD12C4A2102522268B9057781FCE169B0B3B25E5A65E006182C57F6565DA5D5DC87714A3C75214D9726F7E79BA3014885A826078CED7
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                            Category:dropped
                                                            Size (bytes):947
                                                            Entropy (8bit):5.112714579448087
                                                            Encrypted:false
                                                            SSDEEP:12:5hFDmnimjf1Iaq7roWLAIIcKHRkkjLLYF9IfZoYYEhwdUA6MJcCxQmBX2:5inJf1Is/cKxk++IfNJ6jnqCxQmF2
                                                            MD5:7C767E77CF32501F35888A14E2C617BB
                                                            SHA1:7BCB60CBF5EC7BCC3CB2206B4A0DE36CC78B92F8
                                                            SHA-256:3283E81732667A4A87C3DA1259240041EDD56BD93B4D27D78D8D8F8BF9823DB7
                                                            SHA-512:2F6CD1285FB503B2D2A97E10088D3321A9DFF239FABF4379965BCDA8E5C99D9E28BFEB686E5352936452D23F3F43BEF3D035D10443E0A9519968AF21D2BC6ADC
                                                            Malicious:false
                                                            Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}{\f1\fnil\fcharset2 Symbol;}}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\sl240\slmult1\lang9\b\f0\fs18 Yandex.Browser\b0 \emdash internette gezinmek i\'e7in basit ve kullan\u305?\u351?l\u305? bir yaz\u305?l\u305?m. Y\'fcksek y\'fckleme h\u305?z\u305?, sadece en \'e7ok i\u351?inize yarayacak butonlar ve sayfa g\'f6r\'fcnt\'fclemek i\'e7in geni\u351? alan. \par..\par..\pard{\pntext\f1\'B7\tab}{\*\pn\pnlvlblt\pnf1\pnindent0{\pntxtb\'B7}}\fi-360\li720\sl240\slmult1 H\u305?zl\u305? ve kullan\u305?\u351?l\u305?\par..{\pntext\f1\'B7\tab}Sevdi\u287?iniz siteler elinizin alt\u305?nda\par..{\pntext\f1\'B7\tab}H\u305?zland\u305?r\u305?lm\u305?\u351? sayfa y\'fcklenmesi (Turbo)\par..{\pntext\f1\'B7\tab}Dahili antivir\'fcs\par..{\pntext\f1\'B7\tab}Site \'e7evirmeni\par..{\pntext\f1\'B7\tab}Eski ayarlar\u305?n kolayca ta\u351?\u305?nmas\u305?\par..}...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                            Category:dropped
                                                            Size (bytes):966
                                                            Entropy (8bit):4.829656691100329
                                                            Encrypted:false
                                                            SSDEEP:24:5qL6+eJf1IZMDr322WtoCfrc6V7vP1AfJ7ITh5S8IWW7vPjy9R:5m63JfoMH7CfoWYRg5XODyR
                                                            MD5:9B89832CB406F3E32365A4B948BFF0CD
                                                            SHA1:4560EE4A5A2459E9FA93A95F672DF0F99D5CE767
                                                            SHA-256:70BB171A009CC272C175E82F308B69E7E9616CC12849C84B413CAAAB2699A22D
                                                            SHA-512:044BE4E959DDB1AA0C17742AED99B347A5DB75EF555F0856D7FCB59CEDBFC0E2142370992E7D1713AB10841C3963F9274C4509175E97641971064A74C7B7B000
                                                            Malicious:false
                                                            Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fnil\fcharset204 Segoe UI;}{\f1\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\sl240\slmult1\f0\fs18\'d3\'f1\'f2\'e0\'ed\'e0\'e2\'eb\'e8\'e2\'e0\'ff \'f0\'e5\'ea\'ee\'ec\'e5\'ed\'e4\'f3\'e5\'ec\'ee\'e5 Lightshot \'ef\'f0\'ee\'e3\'f0\'e0\'ec\'ec\'ed\'ee\'e5 \'ee\'e1\'e5\'f1\'ef\'e5\'f7\'e5\'ed\'e8\'e5, \'e2\'fb \'f1\'ee\'e3\'eb\'e0\'f8\'e0\'e5\'f2\'e5\'f1\'fc \'f1 \lang1033\f1{\field{\*\fldinst{HYPERLINK "http://legal.yandex.ru/desktop_software_agreement/"}}{\fldrslt{\cf1\ul\u1083?\u1080?\u1094?\u1077?\u1085?\u1079?\u1080?\u1086?\u1085?\u1085?\lang1049\f0\'fb\'ec\lang1033\f1 \u1089?\u1086?\u1075?\u1083?\u1072?\u1096?\u1077?\u1085?\lang1049\f0\'e8\'e5\'ec\f0 }}}\cf0\ulnone\f0\fs18 \'dd\'eb\'e5\'ec\'e5\'ed\'f2\'ee\'e2 \'df\'ed\'e4\'e5\'ea\'f1\'e0.\lang1033\f1{\field{\*\fldinst{HYPERLINK "\par.."}}{\fldrslt{\ul\cf1\par..}}}}...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                            Category:dropped
                                                            Size (bytes):503
                                                            Entropy (8bit):5.23119778914356
                                                            Encrypted:false
                                                            SSDEEP:12:5hFDmL6+fLlVN4oimjf8BPRU+uRWDD1AGAEb0Ei5cPxOM2:5iL6+ZVDJf8BpUDRWP1ApJhQYM2
                                                            MD5:535FE03D3775B0E7DBBBD184602DCDFF
                                                            SHA1:098BD08EDE2E78D99CD9AC6AE8B868D88082B0FB
                                                            SHA-256:CCBD55D1C18AE11A9C5FCDECD2638C46BFB02F1B4833382E8DADBB0E8BB16DD9
                                                            SHA-512:54AD75927D6291DF52FEAD443096E32061D070208D036D5AF380515C880FE74080DEBFB5AAD0855B62C6B563F16D824E8B706E20C790F49ED914FEBF6A5E3862
                                                            Malicious:false
                                                            Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green0\blue255;\red5\green99\blue193;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\lang1033\f0\fs18\'d6nerilen Lightshot yaz\u305?l\u305?m\u305?n\u305? kurarak Yandex Elements \cf1\ul{\field{\*\fldinst{HYPERLINK "http://legal.yandex.com.tr/desktop_software_agreement/"}}{\fldrslt{\cf2 lisans s\'f6zle\u351?}}}\cf0\ulnone\f0\fs18 mesini kabul etmi\u351? say\u305?l\u305?yorsunuz\par..}...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PC bitmap, Windows 3.x format, 114 x 57 x 24, image size 19608, resolution 3780 x 3780 px/m, cbSize 19662, bits offset 54
                                                            Category:dropped
                                                            Size (bytes):19662
                                                            Entropy (8bit):1.441795566796825
                                                            Encrypted:false
                                                            SSDEEP:24:aIfFQFR+mA+iHLkjSeLfU12W6Kayd6Mv4BpCozgOW26lJBWCvuYTMZj/H4NPHmak:aQSCVwGuF
                                                            MD5:3CC6DC168314869272D24653454523B8
                                                            SHA1:903392D3F4BE7449574587E0845BE94AB0163181
                                                            SHA-256:A8F8A3E92BF296475ABD363E513993AC30C22FBE8B449FEEEC1E4489C68309C2
                                                            SHA-512:CC506FAC3DF78D9200270F45E08E1193A5D5B57A5B2B9E0930D185469115C9B21815C6F763CBA4FCB833FBF35AF3050E9DC05C88B3F874399065447201B09091
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
                                                            Category:dropped
                                                            Size (bytes):43742
                                                            Entropy (8bit):5.040429235391265
                                                            Encrypted:false
                                                            SSDEEP:384:2y0XFGpdO6iyGGS9RMOB6Ko84rfjleYjhcA5xBHpny9Yl:2y0XPB6Ku7h/69Yl
                                                            MD5:588112797EA16A0C50DE14B89FDDE4FF
                                                            SHA1:E2C6D28D02D7DBEE5358C46ACB54A5782A0E068C
                                                            SHA-256:3CEFAA1EDB534A98F07C0353222D25076656DA804175DA42733E4B30B4144330
                                                            SHA-512:88E3E37029B9CD0DE06F3BC484F49A1BBAAE395DAC7A4A05D77803C1154BFCC00571D720A04C7DD7210B1C2DB2F019F330778403A266BD33E71F35B941798227
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                            Category:dropped
                                                            Size (bytes):2335
                                                            Entropy (8bit):4.228984227926747
                                                            Encrypted:false
                                                            SSDEEP:48:5pJf5UcPF/4wLw21jpBqUR3Qh8kbMSBlSr9txUum8UOwSs2:5Hf5UcPF/4wLw21jp4UR3MvMSrSr9tiY
                                                            MD5:0E5C451F9C309D96BEF2023350788316
                                                            SHA1:314D4BE7BB90B9519737687DA5FA74358E22D029
                                                            SHA-256:BAC74855DCE2ED5EAAF919B948913E596D813E3A93DA793F3B39B9A611DB2482
                                                            SHA-512:54CE5A65406F0440978BBD12C4A2102522268B9057781FCE169B0B3B25E5A65E006182C57F6565DA5D5DC87714A3C75214D9726F7E79BA3014885A826078CED7
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PC bitmap, Windows 3.x format, 164 x 312 x 24, image size 153504, resolution 2834 x 2834 px/m, cbSize 153558, bits offset 54
                                                            Category:dropped
                                                            Size (bytes):153558
                                                            Entropy (8bit):6.375820425661604
                                                            Encrypted:false
                                                            SSDEEP:3072:e8rI11XgelvDUbhKhPTifpZ69W3A4YEQfsK+Nto9ZDiVp7jl/3:ecI1Mbh6rkZM4T89W93
                                                            MD5:212974A3C3A7DCC2EF4790D77F6D76C5
                                                            SHA1:FE34EE96271DDB2A83302E1C21E717AABDE95F6A
                                                            SHA-256:25075C00C095053E4717A121A162D47B263D24124BFA7465820D8CC28426829A
                                                            SHA-512:6F494C71E128145245E9742DF7972E06790474FA1442FFE79D94939B4A934709C6D94CDAC0384BF88D3195E884EA2051A108623EC753CCF4A51D9A57B9310B7D
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PC bitmap, Windows 3.x format, 164 x 312 x 24, image size 153504, resolution 2834 x 2834 px/m, cbSize 153558, bits offset 54
                                                            Category:dropped
                                                            Size (bytes):153558
                                                            Entropy (8bit):1.5732731053320812
                                                            Encrypted:false
                                                            SSDEEP:768:WttFLkLhKEHIMjTGppwfljF0aEtm4l6lO55oUUb:WttFLWhKEHIMjTGppwfxSaEtlluOkUUb
                                                            MD5:13067A53C21EBF2042183584A40B4965
                                                            SHA1:24A960640271284FAF933B78BBD773B42306EB3F
                                                            SHA-256:A92DDCEBA09AD4E34CE4F5BC0A83E56D1E7B43369BE4C433D0CD9130C5E2A833
                                                            SHA-512:13165CFD4FE5762E80513A7D8D2EC0B89106EBB68D69D8B2919C6670BAB311004149CF19100F32DF8EB953AFD5828E71E756A77A37377C1202D860B57A39298D
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
                                                            Category:dropped
                                                            Size (bytes):44434
                                                            Entropy (8bit):5.055502439168761
                                                            Encrypted:false
                                                            SSDEEP:384:Q8F4XeTZqx1hQYcgGGSM5U5hG5dVMO7fjle3zen1rCE2milny9mjj:Q8F4XOvhG5dVflCKr9mjj
                                                            MD5:5FBA621DDF04202D3E710EC5DAA249D3
                                                            SHA1:A5F387D431D5013779D57F76F46539D9086EC824
                                                            SHA-256:09324F2C5BE810B8362FEF56B88297FECCC535C074CD093C6F2115C03BC62577
                                                            SHA-512:E35445576768557984779D95F446FE564F038D16E2BCF4B66685DBC9452559BED984E625E45A05C7A5944729B90526E7500C7DE44E66EEE4E2BEE1AEF636BD52
                                                            Malicious:false
                                                            Preview:{\rtf1\adeflang1025\ansi\ansicpg1251\uc1\adeff0\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi0\deflang1049\deflangfe1049\themelang1049\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f1\fbidi \fswiss\fcharset204\fprq2{\*\panose 020b0604020202020204}Arial;}.{\f34\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f37\fbidi \fswiss\fcharset204\fprq2{\*\panose 020f0502020204030204}Calibri;}{\f42\fbidi \fswiss\fcharset204\fprq2{\*\panose 020b0604030504040204}Tahoma;}.{\flomajor\f31500\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}.{\fhimajor\f31502\fbidi \fswiss\fcharset204\fprq2{\*\panose 020f0302020204030204}Calibri Light;}{\fbimajor\f31503\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}.{\flominor\f31504\fbidi \f
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                            Category:dropped
                                                            Size (bytes):966
                                                            Entropy (8bit):4.829656691100329
                                                            Encrypted:false
                                                            SSDEEP:24:5qL6+eJf1IZMDr322WtoCfrc6V7vP1AfJ7ITh5S8IWW7vPjy9R:5m63JfoMH7CfoWYRg5XODyR
                                                            MD5:9B89832CB406F3E32365A4B948BFF0CD
                                                            SHA1:4560EE4A5A2459E9FA93A95F672DF0F99D5CE767
                                                            SHA-256:70BB171A009CC272C175E82F308B69E7E9616CC12849C84B413CAAAB2699A22D
                                                            SHA-512:044BE4E959DDB1AA0C17742AED99B347A5DB75EF555F0856D7FCB59CEDBFC0E2142370992E7D1713AB10841C3963F9274C4509175E97641971064A74C7B7B000
                                                            Malicious:false
                                                            Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fnil\fcharset204 Segoe UI;}{\f1\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\sl240\slmult1\f0\fs18\'d3\'f1\'f2\'e0\'ed\'e0\'e2\'eb\'e8\'e2\'e0\'ff \'f0\'e5\'ea\'ee\'ec\'e5\'ed\'e4\'f3\'e5\'ec\'ee\'e5 Lightshot \'ef\'f0\'ee\'e3\'f0\'e0\'ec\'ec\'ed\'ee\'e5 \'ee\'e1\'e5\'f1\'ef\'e5\'f7\'e5\'ed\'e8\'e5, \'e2\'fb \'f1\'ee\'e3\'eb\'e0\'f8\'e0\'e5\'f2\'e5\'f1\'fc \'f1 \lang1033\f1{\field{\*\fldinst{HYPERLINK "http://legal.yandex.ru/desktop_software_agreement/"}}{\fldrslt{\cf1\ul\u1083?\u1080?\u1094?\u1077?\u1085?\u1079?\u1080?\u1086?\u1085?\u1085?\lang1049\f0\'fb\'ec\lang1033\f1 \u1089?\u1086?\u1075?\u1083?\u1072?\u1096?\u1077?\u1085?\lang1049\f0\'e8\'e5\'ec\f0 }}}\cf0\ulnone\f0\fs18 \'dd\'eb\'e5\'ec\'e5\'ed\'f2\'ee\'e2 \'df\'ed\'e4\'e5\'ea\'f1\'e0.\lang1033\f1{\field{\*\fldinst{HYPERLINK "\par.."}}{\fldrslt{\ul\cf1\par..}}}}...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                            Category:dropped
                                                            Size (bytes):503
                                                            Entropy (8bit):5.23119778914356
                                                            Encrypted:false
                                                            SSDEEP:12:5hFDmL6+fLlVN4oimjf8BPRU+uRWDD1AGAEb0Ei5cPxOM2:5iL6+ZVDJf8BpUDRWP1ApJhQYM2
                                                            MD5:535FE03D3775B0E7DBBBD184602DCDFF
                                                            SHA1:098BD08EDE2E78D99CD9AC6AE8B868D88082B0FB
                                                            SHA-256:CCBD55D1C18AE11A9C5FCDECD2638C46BFB02F1B4833382E8DADBB0E8BB16DD9
                                                            SHA-512:54AD75927D6291DF52FEAD443096E32061D070208D036D5AF380515C880FE74080DEBFB5AAD0855B62C6B563F16D824E8B706E20C790F49ED914FEBF6A5E3862
                                                            Malicious:false
                                                            Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green0\blue255;\red5\green99\blue193;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\lang1033\f0\fs18\'d6nerilen Lightshot yaz\u305?l\u305?m\u305?n\u305? kurarak Yandex Elements \cf1\ul{\field{\*\fldinst{HYPERLINK "http://legal.yandex.com.tr/desktop_software_agreement/"}}{\fldrslt{\cf2 lisans s\'f6zle\u351?}}}\cf0\ulnone\f0\fs18 mesini kabul etmi\u351? say\u305?l\u305?yorsunuz\par..}...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                            Category:dropped
                                                            Size (bytes):947
                                                            Entropy (8bit):5.112714579448087
                                                            Encrypted:false
                                                            SSDEEP:12:5hFDmnimjf1Iaq7roWLAIIcKHRkkjLLYF9IfZoYYEhwdUA6MJcCxQmBX2:5inJf1Is/cKxk++IfNJ6jnqCxQmF2
                                                            MD5:7C767E77CF32501F35888A14E2C617BB
                                                            SHA1:7BCB60CBF5EC7BCC3CB2206B4A0DE36CC78B92F8
                                                            SHA-256:3283E81732667A4A87C3DA1259240041EDD56BD93B4D27D78D8D8F8BF9823DB7
                                                            SHA-512:2F6CD1285FB503B2D2A97E10088D3321A9DFF239FABF4379965BCDA8E5C99D9E28BFEB686E5352936452D23F3F43BEF3D035D10443E0A9519968AF21D2BC6ADC
                                                            Malicious:false
                                                            Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}{\f1\fnil\fcharset2 Symbol;}}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\sl240\slmult1\lang9\b\f0\fs18 Yandex.Browser\b0 \emdash internette gezinmek i\'e7in basit ve kullan\u305?\u351?l\u305? bir yaz\u305?l\u305?m. Y\'fcksek y\'fckleme h\u305?z\u305?, sadece en \'e7ok i\u351?inize yarayacak butonlar ve sayfa g\'f6r\'fcnt\'fclemek i\'e7in geni\u351? alan. \par..\par..\pard{\pntext\f1\'B7\tab}{\*\pn\pnlvlblt\pnf1\pnindent0{\pntxtb\'B7}}\fi-360\li720\sl240\slmult1 H\u305?zl\u305? ve kullan\u305?\u351?l\u305?\par..{\pntext\f1\'B7\tab}Sevdi\u287?iniz siteler elinizin alt\u305?nda\par..{\pntext\f1\'B7\tab}H\u305?zland\u305?r\u305?lm\u305?\u351? sayfa y\'fcklenmesi (Turbo)\par..{\pntext\f1\'B7\tab}Dahili antivir\'fcs\par..{\pntext\f1\'B7\tab}Site \'e7evirmeni\par..{\pntext\f1\'B7\tab}Eski ayarlar\u305?n kolayca ta\u351?\u305?nmas\u305?\par..}...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
                                                            Category:dropped
                                                            Size (bytes):502
                                                            Entropy (8bit):5.121102758665705
                                                            Encrypted:false
                                                            SSDEEP:12:5hFDm+6+floimjf1I0BPeM1Ai0IIxIKpVh4xqv92:5i+6+eJf1I0BV1ArIzwC42
                                                            MD5:7F0BD956E453C25C8EF118C07DE27651
                                                            SHA1:F8A076AC8A5CD1287E7399C613D786F5780FFD8F
                                                            SHA-256:7B6814D66EAADA437CC705757E546D0BB5431E74F24849EADE487F6676D866C5
                                                            SHA-512:A6C01CEDF4295FAEB019B24C0A78FF3EE58F227836554CDC8A632A1DA3D54043365C930558C124B3051AD3F2804C89EBD9A6622909E73FC76F7A1F56C1861E4D
                                                            Malicious:false
                                                            Preview:{\rtf1\ansi\ansicpg1251\deff0\deflang1049{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}{\f1\fnil\fcharset162 Segoe UI;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\sl240\slmult1\lang1033\f0\fs18 Yandex.Browser'\f1\'fd kurarak \f0{\field{\*\fldinst{HYPERLINK "http://legal.yandex.com.tr/browser_agreement/"}}{\fldrslt{\cf1\ul\f1 lisans s\'f6zle\'femesinin\f1 }}}\cf0\ulnone\f0\fs18 \f1 ko\'feullar\'fdn\'fd kabul etmi\'fe say\'fdl\'fdyorsunuz.\f0 \par..}...
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
                                                            Category:dropped
                                                            Size (bytes):44258
                                                            Entropy (8bit):5.053517583827171
                                                            Encrypted:false
                                                            SSDEEP:384:Q8FqXeTZqx1hQYcgGGSM5U5hGh7/Pfjle3zen1rCE2milny9mjG:Q8FqXOvhGh7/xlCKr9mjG
                                                            MD5:0817D3433357D14D8348C18ABA8A79F0
                                                            SHA1:BADC52324052DB9AF338148005C0D78BE518C40A
                                                            SHA-256:0019007478955A4C1388D35B30F8749EF999C5C94050E6FD02762DC2EEA67DE5
                                                            SHA-512:99475B43980E4BC8A7C9433E9DE839F07463763BAD5457075D84C6424A8FA7D5E1EE7DFD6858E4515779AA7AC0C3BD428F483A10B35C722CDC6AE3B8BA848C75
                                                            Malicious:false
                                                            Preview:{\rtf1\adeflang1025\ansi\ansicpg1251\uc1\adeff0\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi0\deflang1049\deflangfe1049\themelang1049\themelangfe0\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f1\fbidi \fswiss\fcharset204\fprq2{\*\panose 020b0604020202020204}Arial;}.{\f34\fbidi \froman\fcharset204\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f37\fbidi \fswiss\fcharset204\fprq2{\*\panose 020f0502020204030204}Calibri;}{\f42\fbidi \fswiss\fcharset204\fprq2{\*\panose 00000000000000000000}Tahoma;}.{\flomajor\f31500\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}.{\fhimajor\f31502\fbidi \fswiss\fcharset204\fprq2{\*\panose 020f0302020204030204}Calibri Light;}{\fbimajor\f31503\fbidi \froman\fcharset204\fprq2{\*\panose 02020603050405020304}Times New Roman;}.{\flominor\f31504\fbidi \f
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PC bitmap, Windows 3.x format, 114 x 57 x 24, image size 19608, resolution 3780 x 3780 px/m, cbSize 19662, bits offset 54
                                                            Category:dropped
                                                            Size (bytes):19662
                                                            Entropy (8bit):1.4555117673145326
                                                            Encrypted:false
                                                            SSDEEP:192:3o8kfYZtH4l7ZQKKOnOkxa1DDdNxRr/GufQEz:+C/Jb
                                                            MD5:3F00F6F1AB01507980A28AA91AE6625A
                                                            SHA1:3A78501B44B76F2AB84605D29F5CAB8C90AFEC91
                                                            SHA-256:48BCD5445A3A859F0AAF6EA5FE17BFD1EC9D479F59D0CE37FE6C7CBC4362440C
                                                            SHA-512:A83AAE34AAE256287B3FC144FED207B6DF277CF5952D62951FB991FB73BB68A70A9465881CFC5D7B369A99BC6046C5C15914E277567D99338F5C062A486C63E9
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):886032
                                                            Entropy (8bit):7.8805228210212706
                                                            Encrypted:false
                                                            SSDEEP:12288:hadLWDN888888888888W88888888888C9Y8R4TNxZIItPZnQ9LUgsV+HFcsz9v8z:0BWiOV6QRgL/Hbz9v8IBH31/Dzj92M2
                                                            MD5:843D23F6AAB075A3C032B06D30CE9C5D
                                                            SHA1:8E9F98E609DB50EE6167A76B6AE1CA7886E6C866
                                                            SHA-256:088F048EE972EF80BD527E301431C1AD7E46D0C994AD8A2B586C4FA6D86AC399
                                                            SHA-512:101CC5A0A5C927ADAC497CF901EBFCB73BD92EEC0B8855C8FA0AAB0BB0411DCB5CC3271B6F73C0FDF6238A21DF30871AFCDDF5BD8F0164DDAF8ACD72D14A7DB4
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PC bitmap, Windows 3.x format, 164 x 312 x 24, image size 153504, resolution 2834 x 2834 px/m, cbSize 153558, bits offset 54
                                                            Category:dropped
                                                            Size (bytes):153558
                                                            Entropy (8bit):1.5732731053320812
                                                            Encrypted:false
                                                            SSDEEP:768:WttFLkLhKEHIMjTGppwfljF0aEtm4l6lO55oUUb:WttFLWhKEHIMjTGppwfxSaEtlluOkUUb
                                                            MD5:13067A53C21EBF2042183584A40B4965
                                                            SHA1:24A960640271284FAF933B78BBD773B42306EB3F
                                                            SHA-256:A92DDCEBA09AD4E34CE4F5BC0A83E56D1E7B43369BE4C433D0CD9130C5E2A833
                                                            SHA-512:13165CFD4FE5762E80513A7D8D2EC0B89106EBB68D69D8B2919C6670BAB311004149CF19100F32DF8EB953AFD5828E71E756A77A37377C1202D860B57A39298D
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PC bitmap, Windows 3.x format, 164 x 312 x 24, image size 153504, resolution 2834 x 2834 px/m, cbSize 153558, bits offset 54
                                                            Category:dropped
                                                            Size (bytes):153558
                                                            Entropy (8bit):6.375820425661604
                                                            Encrypted:false
                                                            SSDEEP:3072:e8rI11XgelvDUbhKhPTifpZ69W3A4YEQfsK+Nto9ZDiVp7jl/3:ecI1Mbh6rkZM4T89W93
                                                            MD5:212974A3C3A7DCC2EF4790D77F6D76C5
                                                            SHA1:FE34EE96271DDB2A83302E1C21E717AABDE95F6A
                                                            SHA-256:25075C00C095053E4717A121A162D47B263D24124BFA7465820D8CC28426829A
                                                            SHA-512:6F494C71E128145245E9742DF7972E06790474FA1442FFE79D94939B4A934709C6D94CDAC0384BF88D3195E884EA2051A108623EC753CCF4A51D9A57B9310B7D
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PC bitmap, Windows 3.x format, 114 x 57 x 24, image size 19608, resolution 3780 x 3780 px/m, cbSize 19662, bits offset 54
                                                            Category:dropped
                                                            Size (bytes):19662
                                                            Entropy (8bit):1.4555117673145326
                                                            Encrypted:false
                                                            SSDEEP:192:3o8kfYZtH4l7ZQKKOnOkxa1DDdNxRr/GufQEz:+C/Jb
                                                            MD5:3F00F6F1AB01507980A28AA91AE6625A
                                                            SHA1:3A78501B44B76F2AB84605D29F5CAB8C90AFEC91
                                                            SHA-256:48BCD5445A3A859F0AAF6EA5FE17BFD1EC9D479F59D0CE37FE6C7CBC4362440C
                                                            SHA-512:A83AAE34AAE256287B3FC144FED207B6DF277CF5952D62951FB991FB73BB68A70A9465881CFC5D7B369A99BC6046C5C15914E277567D99338F5C062A486C63E9
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            File Type:PC bitmap, Windows 3.x format, 114 x 57 x 24, image size 19608, resolution 3780 x 3780 px/m, cbSize 19662, bits offset 54
                                                            Category:dropped
                                                            Size (bytes):19662
                                                            Entropy (8bit):1.441795566796825
                                                            Encrypted:false
                                                            SSDEEP:24:aIfFQFR+mA+iHLkjSeLfU12W6Kayd6Mv4BpCozgOW26lJBWCvuYTMZj/H4NPHmak:aQSCVwGuF
                                                            MD5:3CC6DC168314869272D24653454523B8
                                                            SHA1:903392D3F4BE7449574587E0845BE94AB0163181
                                                            SHA-256:A8F8A3E92BF296475ABD363E513993AC30C22FBE8B449FEEEC1E4489C68309C2
                                                            SHA-512:CC506FAC3DF78D9200270F45E08E1193A5D5B57A5B2B9E0930D185469115C9B21815C6F763CBA4FCB833FBF35AF3050E9DC05C88B3F874399065447201B09091
                                                            Malicious:false
                                                            Process:C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp
                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):6144
                                                            Entropy (8bit):4.720366600008286
                                                            Encrypted:false
                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\Desktop\setup-lightshot 1.exe
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1558952
                                                            Entropy (8bit):6.277445125803931
                                                            Encrypted:false
                                                            SSDEEP:24576:2nbbPImgK4brDi4IxgRqzwqNb+Yz73P2EMZbG0JEtV5Gqx9fh:8HeKh4nqzF3PYdStVRz
                                                            MD5:C6BFFD4DA620B07CB214F1BD8E7F21D2
                                                            SHA1:054221DC0C8A686E0D17EDD6E02C06458B1395C3
                                                            SHA-256:55DBB288D5DF6DF375487BAE50661DBF530FD43A7E96017B7183A54DB8FC376A
                                                            SHA-512:91E50DF87A6E42B01E24ACCEAD25726047A641C3960FA3336F560168ED68356E6992D289A0A71B629D74AD7B00BBDBF7E6E909A4C8B5B1616FBF3B0CC63210AB
                                                            Malicious:false
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 2%
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:XML 1.0 document, ASCII text, with very long lines (424), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):424
                                                            Entropy (8bit):4.956217688022181
                                                            Encrypted:false
                                                            SSDEEP:12:TM3i0bh9iFcXNR9gPu2QLd2HoFHiU0fMPOJa29MBz7Rwb:qRbLvD9gGlfFHiwOJa2OBzdu
                                                            MD5:6864F3472C774CC795E785775FAC5298
                                                            SHA1:E029DBCD44A34E3D3F2A33A42E975E51A5AE9933
                                                            SHA-256:2F8331AAB29CDCC1302B2AF90A2BEF197B14DC79CFC62A9412C56616EEFD2693
                                                            SHA-512:3520163FF01C39824CEFDA2B31C45EE9ADE9C284353D7E33E2D2E7C2303DF339FC0D0AB011186843C485B40871936419BBFC61CAEE0F3A1B6F513AD2EFFD1B02
                                                            Malicious:false
                                                            Preview:<?xml version='1.0' encoding='UTF-8'?><products><product friendlyname='Lightshot' installurl='' intname='lightshot' needadmin='no' productdir='C:\Program Files (x86)\Skillbrains\lightshot' uninstall='C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe' updateurl='http://updater.prntscr.com/getver/lightshot' version='5.5.0.7'><registryactions></registryactions><unistallactions></unistallactions></product></products>
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:Unicode text, UTF-8 text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):3
                                                            Entropy (8bit):1.584962500721156
                                                            Encrypted:false
                                                            SSDEEP:3:g:g
                                                            MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA
                                                            SHA1:57218C316B6921E2CD61027A2387EDC31A2D9471
                                                            SHA-256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
                                                            SHA-512:37C783B80B1D458B89E712C2DFE2777050EFF0AEFC9F6D8BEEDEE77807D9AEB2E27D14815CF4F0229B1D36C186BB5F2B5EF55E632B108CC41E9FB964C39B42A5
                                                            Malicious:false
                                                            Preview:.
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:GIF image data, version 89a, 1 x 1
                                                            Category:dropped
                                                            Size (bytes):43
                                                            Entropy (8bit):2.7374910194847146
                                                            Encrypted:false
                                                            SSDEEP:3:CU9yltxlHh/:m/
                                                            MD5:DF3E567D6F16D040326C7A0EA29A4F41
                                                            SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
                                                            SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
                                                            SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
                                                            Malicious:false
                                                            Preview:GIF89a.............!.......,...........D..;
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:XML 1.0 document, ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):181
                                                            Entropy (8bit):4.810979349845885
                                                            Encrypted:false
                                                            SSDEEP:3:vFWWMNCmXyKgCC6buVBERrLEIgkuyWQCuXCsVOXKvHiLQRAtRdbJBNWVIQrEsLh9:TM3i0bK4sIgOjS6OXGiUaPhWVvhWdnoT
                                                            MD5:AE4F7437A2DFEE6B87F2A6A011CC6625
                                                            SHA1:2FFF75CD2DE536DCC1CE139F376A4DC6A1D5409E
                                                            SHA-256:EBE25600D44F1F798ADA4B3B62001FD96D7A5E466125484568C3241508BF46C6
                                                            SHA-512:E5208E420819E7F4817650A8D16662B4D646978097CE825757D29B397DCCDE738A13527CF9FE249E3E49749C31F5A1010DA3751FBC84D54AA4D80DA66D5D2FC5
                                                            Malicious:false
                                                            Preview:<?xml version='1.0' encoding='UTF-8'?><update intname='updater' version='1.8.0.0' installerurl='http://updater.prntscr.com/builds/setup-updater-1.8.0.0.exe' whatsnewurl=''></update>
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):406
                                                            Entropy (8bit):3.610719570349814
                                                            Encrypted:false
                                                            SSDEEP:12:OVmoabdpY2UsuzjzvYR9LddNEw7qlZVxt:ddmXvAl3Ew7qn
                                                            MD5:7B5931B2F468F8A94A8206DE6D115C1D
                                                            SHA1:CCDDE46C1A3850FC6287F66EC6D5FF4C0D6E2A03
                                                            SHA-256:B68ED456C08760D3AEA33EEE4D0081A96059382DA5311BD29C8AE8B0FEB68900
                                                            SHA-512:C4518BA1D1C84AAF87928C7F339D737409C1A8FD0CAAEE0EDA59DEEF933C3E2D2C1474F4C0DA705C0F9220D40CC11CAFCCF16D6B68812EAD015BDD2A702A2324
                                                            Malicious:false
                                                            Preview:.....[.5...N..n.?.A'F.d.....<... ................$....................7.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.k.i.l.l.b.r.a.i.n.s.\.U.p.d.a.t.e.r.\.U.p.d.a.t.e.r...e.x.e.....-.r.u.n.m.o.d.e.=.c.h.e.c.k.u.p.d.a.t.e.......J.O.N.E.S.-.P.C.\.j.o.n.e.s...).T.h.i.s. .w.i.l.l. .k.e.e.p. .y.o.u.r. .s.o.f.t.w.a.r.e. .u.p. .t.o. .d.a.t.e...................0.................2.............................
                                                            Process:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):406
                                                            Entropy (8bit):3.5832287835056515
                                                            Encrypted:false
                                                            SSDEEP:6:l5+l+8ffbdlrY2U7ZAOPVtdpwX+myjgsW2YRK0hWclfa8flEwQMpElGuy0lbN11:jDmfbdpY2UsuzjzvYR9LddNEw7qlZVZ
                                                            MD5:F9ACA161306A0A639BF5781EF4ABD5EF
                                                            SHA1:1D68087643DF2D9D4ACA21B3860F3620DC01A27F
                                                            SHA-256:40AABECEDB2E603C5290F1F0C8B3F6F4D0D1F62327AD7398F450E71156A3C973
                                                            SHA-512:7E7D13CF32D3180A44FF4889C53E7EA5E11686A781CEA2CD7F0B8001A03DBC6AA067905E4FF54DC3827BF213716941C11757463923178EA538FCB1D1CC0D3F2E
                                                            Malicious:false
                                                            Preview:......g.o..L....)...F.d.....<... .....................................7.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.S.k.i.l.l.b.r.a.i.n.s.\.U.p.d.a.t.e.r.\.U.p.d.a.t.e.r...e.x.e.....-.r.u.n.m.o.d.e.=.c.h.e.c.k.u.p.d.a.t.e.......J.O.N.E.S.-.P.C.\.j.o.n.e.s...).T.h.i.s. .w.i.l.l. .k.e.e.p. .y.o.u.r. .s.o.f.t.w.a.r.e. .u.p. .t.o. .d.a.t.e...................0.................%.............................
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):785
                                                            Entropy (8bit):7.641318134407437
                                                            Encrypted:false
                                                            SSDEEP:12:6v/729B5Wg2beBCOsiGZPoZa42d7PFIXLe0wThnkisIWSG/0sXg:egHLDYwZa4GFiAtnN900l
                                                            MD5:6BD3F88E01EB15F7EA618FBB67988516
                                                            SHA1:7654D401EF2C510D264294FB6D79BE0214E39FEF
                                                            SHA-256:E7E275560FADB61973FDF41659819CF531978DAB3011054567A84EEF847DBF8A
                                                            SHA-512:A6831F45A9CDB4C3D7DA09B1F146E8553E885523829CDEA91B6982A9776700AB4BEA7062CD5814D384A038AFF83BDE5D3EB1C1547A650A991249EE70BD5B932C
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):5608
                                                            Entropy (8bit):7.9503652928289075
                                                            Encrypted:false
                                                            SSDEEP:96:uO85X1Sp63sE5XLvDivv/AwMcFuye6h8PEY8G0v9l79PzC+l15b4udIgmDA1:ax1+usE57binjjuyeCDY8Gu9l5BLbZvf
                                                            MD5:E3BB20E3FA684B9F2ACC6AD5C85EA876
                                                            SHA1:2F9C51038C529BA47F7C16143A6A0E3A6A039C13
                                                            SHA-256:86A1B8F94F48C4E82D2616D4C581F10A34FF447A2BD95BE08714FA0D19BA3F51
                                                            SHA-512:865B8555FC497D21F75B3F5508E5DC48F540D360D655652DF7A186364A425176D56D500DB3171D7B6725FCB611E64320A032CE9F6F5AE93E6C71F1A4629103F3
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/page-bg.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (5945)
                                                            Category:downloaded
                                                            Size (bytes):267160
                                                            Entropy (8bit):5.572416496466665
                                                            Encrypted:false
                                                            SSDEEP:6144:E3OpmFU7eli04d7G3BsEemveZNoH0fxnQ6:i3W7e4nhiq7
                                                            MD5:3EC25C6CF9738C4E3DBE5D07D9A69075
                                                            SHA1:AC0F0299AD52EBB56DFDD2672A62DAA885D70DD6
                                                            SHA-256:36B8BC946A030CFB6514D1BCDCB44C9C6BF45916F782A36013D922F4F06B5531
                                                            SHA-512:35F19FBC4EF0DD884F83870C85D6F9E29B095854CEF21C58FFC6672CF3E5A6F74556217638673564C21809ED1DECCA099C08148D9BD46766000F64C6A7AF9F2B
                                                            Malicious:false
                                                            URL:https://www.googletagmanager.com/gtag/js?id=G-0DR1D0LZJH&cx=c&_slc=1
                                                            Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_dma","priority":6,"vtp_delegationMode":"ON","vtp_dmaDefault":"DENIED","tag_id":8},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_las
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):548
                                                            Entropy (8bit):4.660801881684815
                                                            Encrypted:false
                                                            SSDEEP:12:TvgsoCVIogs01lI5r8INGlTF5TF5TF5TF5TF5TFK:cEQtnDTPTPTPTPTPTc
                                                            MD5:4B074B0B59693FA9F94FB71B175FB187
                                                            SHA1:0004D4F82B546013424B2E0DE084395071EEF98B
                                                            SHA-256:25FB23868EBF48348F9E438E00CB9B9D9B3A054F32482A781C762CC4F9CC6393
                                                            SHA-512:F928E9FAA0BC776FC5D8A0326981853709D437B7B1C2E238894BFB2ACBB627442C425CBB00D369C52D15876B6C795E67F7580341686696D569A908A6ADD4B444
                                                            Malicious:false
                                                            Preview:<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (991)
                                                            Category:downloaded
                                                            Size (bytes):70762
                                                            Entropy (8bit):5.379142289452726
                                                            Encrypted:false
                                                            SSDEEP:1536:N4Ibk/LwpfY/Gv2jhgK4CGSOcdO94OD7zfAmR:N4k9pQ+vShmD7LAg
                                                            MD5:71B73BDDCA9A2BFCF16DE24E253D1812
                                                            SHA1:E3E88CE7260C95C5F9F30462013D5FFE61746E44
                                                            SHA-256:E3D2AC9E0AFBC83F6B4C39CFF3DB79ECF892DF90B8C874BD0E2A43BA1B1C3069
                                                            SHA-512:7F7C0CC3A84DCD9DAB8808934A2983A74A4E47A00858BFBF6FCEC01CFC7A6C0DC96BCFD6A4C7F4875358EC14B17C05ACD16C617DA983B6B38DBA84A0F623AD88
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/js/script.mix.js
                                                            Preview:var $jscomp={scope:{},findInternal:function(c,b,a){c instanceof String&&(c=String(c));for(var d=c.length,e=0;e<d;e++){var g=c[e];if(b.call(a,g,e,c))return{i:e,v:g}}return{i:-1,v:void 0}}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(c,b,a){if(a.get||a.set)throw new TypeError("ES3 does not support getters and setters.");c!=Array.prototype&&c!=Object.prototype&&(c[b]=a.value)};.$jscomp.getGlobal=function(c){return"undefined"!=typeof window&&window===c?c:"undefined"!=typeof global?global:c};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(c,b,a,d){if(b){a=$jscomp.global;c=c.split(".");for(d=0;d<c.length-1;d++){var e=c[d];e in a||(a[e]={});a=a[e]}c=c[c.length-1];d=a[c];b=b(d);b!=d&&null!=b&&$jscomp.defineProperty(a,c,{configurable:!0,writable:!0,value:b})}};.$jscomp.polyfill("Array.prototype.find",function(c){return c?c:function(b,a){return $jscomp.findInternal(this,b,a).v}},"es6-impl","es3");$jscomp.polyfill("Array.protot
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with very long lines (566)
                                                            Category:dropped
                                                            Size (bytes):8236
                                                            Entropy (8bit):5.155021393344165
                                                            Encrypted:false
                                                            SSDEEP:192:OIb3E8RTRORPRprIDovneTnr54kmBpuxQ:tb3E81Y5YDxcpuq
                                                            MD5:0A5DF0D66EEC5A3C05C270C434853CFA
                                                            SHA1:7B9C63F2767CB2344698A8C07AB2FE7A8608985F
                                                            SHA-256:1B185D89E437F1591AF8C51D5E6DAD41D3666E22A81931EE9DF22E2CFDACADDB
                                                            SHA-512:C75C9A62414A06F3F4AA111413C5952FA5E04FE772625F4752CE3A40D46EE6C9E0FAA9EE38788631DAE821D93754122A68C9153C386CBD74AB7BE66B491792ED
                                                            Malicious:false
                                                            Preview:(function(a,d){"function"==typeof define&&define.amd?define(["jquery"],d):d(a.jQuery)})(this,function(a){var d=navigator.userAgent,k=/Edge/i.test(d),h=function(b){this.origHtmlMargin=parseFloat(a("html").css("margin-top"));this.options=a.extend({},a.smartbanner.defaults,b);b=navigator.standalone;this.options.force?this.type=this.options.force:null!==d.match(/Windows Phone/i)&&null!==d.match(/Edge|Touch/i)?this.type="windows":null!==d.match(/iPhone|iPod/i)||d.match(/iPad/)&&this.options.iOSUniversalApp?.null!==d.match(/Safari/i)&&(null!==d.match(/CriOS/i)||null!=d.match(/FxiOS/i)||6>window.Number(d.substr(d.indexOf("OS ")+3,3).replace("_",".")))&&(this.type="ios"):d.match(/\bSilk\/(.*\bMobile Safari\b)?/)||d.match(/\bKF\w/)||d.match("Kindle Fire")?this.type="kindle":null!==d.match(/Android/i)&&(this.type="android");if(this.type&&!b&&!this.getCookie("sb-closed")&&!this.getCookie("sb-installed")&&(this.scale="auto"==this.options.scale?a(window).width()/window.screen.width:this.options.sca
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 626 x 20, 8-bit gray+alpha, non-interlaced
                                                            Category:downloaded
                                                            Size (bytes):638
                                                            Entropy (8bit):7.5508537756216025
                                                            Encrypted:false
                                                            SSDEEP:12:6v/79hI00tPVn8rtA3RtpRvL+JHy5i80UpPyV1zAIRDZBkCwvdlmaMh:eoR0A33phL+JmItwllm9
                                                            MD5:9FCBD4380E75236CCA3DA2C42A02BE96
                                                            SHA1:D139D21026416BF4FBC8C0AD6F75C5B42714647F
                                                            SHA-256:3D3C1A572462A8F1CE35F89C15A0DCF2A63EF4F4E57314FF3340586D0495B1F7
                                                            SHA-512:3C0DF68B63503CA636FA386DF1B877348BD921C7A6ABDB45E703F27A427680FB0FEB07353EE5F719E6E8B5D50EA1D68A2238B246A732490F8D344A8CA789036A
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/shadow-top.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:Unicode text, UTF-8 text, with very long lines (65480)
                                                            Category:downloaded
                                                            Size (bytes):93435
                                                            Entropy (8bit):5.372924511876392
                                                            Encrypted:false
                                                            SSDEEP:1536:bYUfBybwh3KRI83RExoulFXo7CkSsz/G0bSVze/3260eMSTC5bqYKKhwFvxizJSM:XIi3kIP9kSsgo/ZvxYrtPTKCNtHyUtCg
                                                            MD5:0B6ECF17E30037994D3FFEE51B525914
                                                            SHA1:D09D3A99ED25D0F1FBE6856DE9E14FFD33557256
                                                            SHA-256:F554D2F09272C6F71447EBFE4532D3B1DD1959BCE669F9A5CCC99E64EF511729
                                                            SHA-512:468C0F964014D76EC5966F5589B2CCC0A7B5F3E8A785134897DFA282A3E6824CE9A75584C9404B77A6962FEF99547356AABE8AA71A6499E2568B9DE792D90579
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/js/jquery.1.8.2.min.js
                                                            Preview:/*! jQuery v1.8.2 jquery.com | jquery.org/license */.(function(a,b){function G(a){var b=F[a]={};return p.each(a.split(s),function(a,c){b[c]=!0}),b}function J(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(I,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:+d+""===d?+d:H.test(d)?p.parseJSON(d):d}catch(f){}p.data(a,c,d)}else d=b}return d}function K(a){var b;for(b in a){if(b==="data"&&p.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function ba(){return!1}function bb(){return!0}function bh(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function bi(a,b){do a=a[b];while(a&&a.nodeType!==1);return a}function bj(a,b,c){b=b||0;if(p.isFunction(b))return p.grep(a,function(a,d){var e=!!b.call(a,d,a);return e===c});if(b.nodeType)return p.grep(a,function(a,d){return a===b===c});if(typeof b=="string"){var d=p.grep(a,function(a){return a.nodeType===1});if(be.test(b))return p.filter(b,d,!c);b=p.filter(b,
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (19948), with no line terminators
                                                            Category:dropped
                                                            Size (bytes):19948
                                                            Entropy (8bit):5.261902742187293
                                                            Encrypted:false
                                                            SSDEEP:384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65
                                                            MD5:EC18AF6D41F6F278B6AED3BDABFFA7BC
                                                            SHA1:62C9E2CAB76B888829F3C5335E91C320B22329AE
                                                            SHA-256:8A18D13015336BC184819A5A768447462202EF3105EC511BF42ED8304A7ED94F
                                                            SHA-512:669B0E9A545057ACBDD3B4C8D1D2811EAF4C776F679DA1083E591FF38AE7684467ABACEF5AF3D4AABD9FB7C335692DBCA0DEF63DDAC2CD28D8E14E95680C3511
                                                            Malicious:false
                                                            Preview:!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)||"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n||0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e||{}).random||(e.rng||r)();if(
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with very long lines (566)
                                                            Category:downloaded
                                                            Size (bytes):8236
                                                            Entropy (8bit):5.155021393344165
                                                            Encrypted:false
                                                            SSDEEP:192:OIb3E8RTRORPRprIDovneTnr54kmBpuxQ:tb3E81Y5YDxcpuq
                                                            MD5:0A5DF0D66EEC5A3C05C270C434853CFA
                                                            SHA1:7B9C63F2767CB2344698A8C07AB2FE7A8608985F
                                                            SHA-256:1B185D89E437F1591AF8C51D5E6DAD41D3666E22A81931EE9DF22E2CFDACADDB
                                                            SHA-512:C75C9A62414A06F3F4AA111413C5952FA5E04FE772625F4752CE3A40D46EE6C9E0FAA9EE38788631DAE821D93754122A68C9153C386CBD74AB7BE66B491792ED
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/js/jquery.smartbanner.js
                                                            Preview:(function(a,d){"function"==typeof define&&define.amd?define(["jquery"],d):d(a.jQuery)})(this,function(a){var d=navigator.userAgent,k=/Edge/i.test(d),h=function(b){this.origHtmlMargin=parseFloat(a("html").css("margin-top"));this.options=a.extend({},a.smartbanner.defaults,b);b=navigator.standalone;this.options.force?this.type=this.options.force:null!==d.match(/Windows Phone/i)&&null!==d.match(/Edge|Touch/i)?this.type="windows":null!==d.match(/iPhone|iPod/i)||d.match(/iPad/)&&this.options.iOSUniversalApp?.null!==d.match(/Safari/i)&&(null!==d.match(/CriOS/i)||null!=d.match(/FxiOS/i)||6>window.Number(d.substr(d.indexOf("OS ")+3,3).replace("_",".")))&&(this.type="ios"):d.match(/\bSilk\/(.*\bMobile Safari\b)?/)||d.match(/\bKF\w/)||d.match("Kindle Fire")?this.type="kindle":null!==d.match(/Android/i)&&(this.type="android");if(this.type&&!b&&!this.getCookie("sb-closed")&&!this.getCookie("sb-installed")&&(this.scale="auto"==this.options.scale?a(window).width()/window.screen.width:this.options.sca
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 88 x 19, 8-bit gray+alpha, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):699
                                                            Entropy (8bit):7.6285723309981615
                                                            Encrypted:false
                                                            SSDEEP:12:6v/78rkguDnTkzxanZ6hg5KOFQAbF6HLiTaJEX9yNscdIY5k1dR6telL4OP9R1:XkgQ0goch00EYY5k1P6t6zPf1
                                                            MD5:EAAEECF00EA9FD0E9F0009D7FC498405
                                                            SHA1:F2C07AE518CF74FE05F81D91A25B8F0576760A4B
                                                            SHA-256:18CA87F7C4D792E66165F603AB333402EE49C06324C66F2825B08D12A2DE39FA
                                                            SHA-512:B8386130A3D3941547A1A1394DFE8C5AF9AE17EF13049206955F556AC7D326018E471DB26517893D4D8DFDB53E05C7BAD2CC66418E5D0D356D85B790E8AB4AC1
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):588
                                                            Entropy (8bit):7.566900590257927
                                                            Encrypted:false
                                                            SSDEEP:12:crWe1AGsHnNm++qy5WNKPxR9kPjwd3bO3y:L6o+4KPxjWUVgy
                                                            MD5:EF3B8AD15ED5EFA112C80015A1FEB94D
                                                            SHA1:2EC06EEC8ED201FFE9C8D66111EFCA08FB7F315B
                                                            SHA-256:2D41D75DA99F35CF59D21A7D72E8AE0FED01DDAB9CB173E567CBBDBBD29CF84B
                                                            SHA-512:D67372F343891847C156B9D5BFD63520629E62D110BCDF5CE19009E33EB769F73A7A22B994724AA13C474D9591381F0163DC6FCD22E0A9CCEBA5597CBCBE32C2
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/footer-logo.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):10382
                                                            Entropy (8bit):7.978054203954338
                                                            Encrypted:false
                                                            SSDEEP:192:uCrh0esfgBvdJ1DhdHAMQTdB89/gWFXVVM82NupMWDqAKGxNY5nz9ePY84jEt:fVzv2dBkgeVC82NqMWDqz9vJ4t
                                                            MD5:31952232794D8E36CFEE852184665EFB
                                                            SHA1:E51E03E5C05883401B5992BD0646004509965F7E
                                                            SHA-256:D2984B462C4FC319BCA70F9393A575A2295CE37400BDCCECF332E7C9F632344D
                                                            SHA-512:32D5D6359C29CA03BC4587B3723C03A164E90F8613843CE42793B871F8FC487DBFD9684549728BEA369FEB47F60914C07B7439F5B4B1F78770AE0A89F8BF3235
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/icon-lightshot-144.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 57 x 38, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):1967
                                                            Entropy (8bit):7.872327009636096
                                                            Encrypted:false
                                                            SSDEEP:48:9kgYV3fclq1vQpNakhtgTnTbb+d+Hi6sNWs98E0v3Za16vId:OgIgq1Pn3SYHTqz0vAx
                                                            MD5:83715A812B03C3D2A51FFFD1270C97AE
                                                            SHA1:081B2DD12E49FF25ABAF533EC58038E6F049DEFA
                                                            SHA-256:E9F21D48F8437706DB1999CD75B8AC732F62BAE39AA6C45DCAFC3F43E7DB3790
                                                            SHA-512:5025BF2C60C97BD3A8657A68357BE3BB0CE40F89DA318F4649631E8A2DC3E2C307A55FD6B9946F0610D6F6074FD4E3F6B3E4ACD0FA9F9105D2A55AD4A45F83AE
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):548
                                                            Entropy (8bit):7.5875867907905
                                                            Encrypted:false
                                                            SSDEEP:12:slP77EDJEDAEMAFdWlcKVKkvkbMOJY9jE0KgfusVL:s5eJEDAEhulzzzuC
                                                            MD5:69B311A3B25FBDEE3C2C95E9115C89A4
                                                            SHA1:BA9D6DA248C93B1586305CA66A56E4CD0B2CBFAB
                                                            SHA-256:7088EBAB059166B9BFAB17F4893950D0E11AE14A2C0B1B7158052B52FB0ABAA2
                                                            SHA-512:E3584AB091EDC6DAAC191D9B46DAF01DB5EF8A04C840EE2B1916A234CB9B1470857786EFD693941C90CD7524A895D5DF51171C71DADAD8162A0B69532323ABE2
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/helper-select.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (991)
                                                            Category:dropped
                                                            Size (bytes):70762
                                                            Entropy (8bit):5.379142289452726
                                                            Encrypted:false
                                                            SSDEEP:1536:N4Ibk/LwpfY/Gv2jhgK4CGSOcdO94OD7zfAmR:N4k9pQ+vShmD7LAg
                                                            MD5:71B73BDDCA9A2BFCF16DE24E253D1812
                                                            SHA1:E3E88CE7260C95C5F9F30462013D5FFE61746E44
                                                            SHA-256:E3D2AC9E0AFBC83F6B4C39CFF3DB79ECF892DF90B8C874BD0E2A43BA1B1C3069
                                                            SHA-512:7F7C0CC3A84DCD9DAB8808934A2983A74A4E47A00858BFBF6FCEC01CFC7A6C0DC96BCFD6A4C7F4875358EC14B17C05ACD16C617DA983B6B38DBA84A0F623AD88
                                                            Malicious:false
                                                            Preview:var $jscomp={scope:{},findInternal:function(c,b,a){c instanceof String&&(c=String(c));for(var d=c.length,e=0;e<d;e++){var g=c[e];if(b.call(a,g,e,c))return{i:e,v:g}}return{i:-1,v:void 0}}};$jscomp.defineProperty="function"==typeof Object.defineProperties?Object.defineProperty:function(c,b,a){if(a.get||a.set)throw new TypeError("ES3 does not support getters and setters.");c!=Array.prototype&&c!=Object.prototype&&(c[b]=a.value)};.$jscomp.getGlobal=function(c){return"undefined"!=typeof window&&window===c?c:"undefined"!=typeof global?global:c};$jscomp.global=$jscomp.getGlobal(this);$jscomp.polyfill=function(c,b,a,d){if(b){a=$jscomp.global;c=c.split(".");for(d=0;d<c.length-1;d++){var e=c[d];e in a||(a[e]={});a=a[e]}c=c[c.length-1];d=a[c];b=b(d);b!=d&&null!=b&&$jscomp.defineProperty(a,c,{configurable:!0,writable:!0,value:b})}};.$jscomp.polyfill("Array.prototype.find",function(c){return c?c:function(b,a){return $jscomp.findInternal(this,b,a).v}},"es6-impl","es3");$jscomp.polyfill("Array.protot
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (5945)
                                                            Category:dropped
                                                            Size (bytes):267154
                                                            Entropy (8bit):5.572316881574134
                                                            Encrypted:false
                                                            SSDEEP:6144:E3OpmFU7vli04d7G3BsEemveZNoH0fxnQ6:i3W7v4nhiq7
                                                            MD5:07D011AA48BD2FBD3C4941791AD484A2
                                                            SHA1:11D218CCE6A34D9099E4B373EFB1A20A8675431B
                                                            SHA-256:BD7308F4A26AF6AC166FE6F88397AE0D530CF1931D14F6F2980C2A70080D73BF
                                                            SHA-512:54EC555FFD2DFB26A2BE0F480A25A1B98D4257BF411857B64A7CBE242B31AFE1CF7C8A1E926411CA3B4BEF80531A398756B4C6983E902FA5E2BBE876E8B7CDAF
                                                            Malicious:false
                                                            Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_dma","priority":6,"vtp_delegationMode":"ON","vtp_dmaDefault":"DENIED","tag_id":8},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_las
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (57906), with no line terminators
                                                            Category:downloaded
                                                            Size (bytes):57906
                                                            Entropy (8bit):5.487254140767187
                                                            Encrypted:false
                                                            SSDEEP:1536:sQ2QcQ5QfQtvQIQIQqQE+a5QiCl9Cl9Rz4lRWcyKm6e75r:nR3qIt4TT19iBzMmDN
                                                            MD5:96CBB4232A0A28C2401F0F3AC08577F0
                                                            SHA1:AAE4FE91AD9BDD9370C44D20E2BE3DBBA2EE5EA4
                                                            SHA-256:54B860B5D4930DABF878206983A139233E0782D2E34DB562FC9931B8C08AA21B
                                                            SHA-512:5627D285CD914078A58468F7E61B0BB8C9C0C304D866ACF5B78754A6912C041509192004A4727F8965F1CF841DB547EBFB5855C4FF415E3F2E100C5E23FE4F21
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Preview:article,aside,canvas,details,figcaption,figure,footer,header,hgroup,menu,nav,section,summary{display:block}.clear{overflow:hidden;visibility:hidden;clear:both;font-size:0}*,:before,:after{margin:0;padding:0;border:0;-moz-transition:color .3s;-o-transition:color .3s;-webkit-transition:color .3s;transition:color .3s;-moz-transition:opacity .3s;-o-transition:opacity .3s;-webkit-transition:opacity .3s;transition:opacity .3s}.button,.button-blue,.button_blue,.button_blue_download,.button_blue_mac,.button_blue_win,.button-green,.button_green,.button_green_download,.button_green_mac,.button_green_win,.button-purple,.button_purple,.button_purple_download,.button_purple_mac,.button_purple_win,.button-gray,.button_gray,.button_gray_download,.button_gray_mac,.button_gray_win{display:inline-block;vertical-align:middle;*vertical-align:auto;*zoom:1;*display:inline;position:relative;padding:1px 2px 3px;-moz-border-radius:5px;-webkit-border-radius:5px;border-radius:5px;background-color:rgba(0,0,0,0.11
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                            Category:downloaded
                                                            Size (bytes):5430
                                                            Entropy (8bit):3.6491473639041745
                                                            Encrypted:false
                                                            SSDEEP:48:Z+kTWdkux/gN9JwAmpLS+XfnZDPXs5HVkbuYolc:ZrAxY9mlS+/NP85CaI
                                                            MD5:FEB7CA0515D4660FC15FC4F42C8904EF
                                                            SHA1:4CF8B8A1BFF5DF3E74A7461913B502EAEE0A4937
                                                            SHA-256:B50109BB17A40D032CB6EE83163E10D220E0D19A19192CB71950063070888570
                                                            SHA-512:A6D02AEF62F841795A1F7EE6567072F625C31F6BF61DD73D2FFBD022CE429864B5C94E9C1B7A1D20110ADCCB0FA496898C186CEBBF529C69DD9E6CC5D1A4A036
                                                            Malicious:false
                                                            URL:https://app.prntscr.com/favicon.ico
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 19 x 18, 8-bit gray+alpha, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):370
                                                            Entropy (8bit):7.245102512568108
                                                            Encrypted:false
                                                            SSDEEP:6:6v/lhPSiPjiXatT06Uo3pcKtt8RB8EmYNPZcXFlKmZnvLa+WWbqrm+Co9NtsOp:6v/7aimOT0xupcU85mYEem9HqC+CoTl
                                                            MD5:1F06D69E416DAAAECFDAD692AA777E75
                                                            SHA1:547959FB9F273B0EAD678AB30FB99BE0F7ACB61B
                                                            SHA-256:44ED711E1027D9D643E2B1D82EBBE67B50F904C27E02BCA773FB345309B50369
                                                            SHA-512:8C7B88D15F0B325745EC897CC83692C742BB2A6F7B5C341DD18C5D53C415D97F27E499A88BCBD06491F8D32AD8568466AE54B62D6F99B8963F02C9148E3CE4FC
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (2343)
                                                            Category:dropped
                                                            Size (bytes):52916
                                                            Entropy (8bit):5.51283890397623
                                                            Encrypted:false
                                                            SSDEEP:768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
                                                            MD5:575B5480531DA4D14E7453E2016FE0BC
                                                            SHA1:E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
                                                            SHA-256:DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
                                                            SHA-512:174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
                                                            Malicious:false
                                                            Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r||u();v=v||q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING||[];w.TAGGING[a]=!0};var ba=Array.isArray,c
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 626 x 20, 8-bit gray+alpha, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):638
                                                            Entropy (8bit):7.5508537756216025
                                                            Encrypted:false
                                                            SSDEEP:12:6v/79hI00tPVn8rtA3RtpRvL+JHy5i80UpPyV1zAIRDZBkCwvdlmaMh:eoR0A33phL+JmItwllm9
                                                            MD5:9FCBD4380E75236CCA3DA2C42A02BE96
                                                            SHA1:D139D21026416BF4FBC8C0AD6F75C5B42714647F
                                                            SHA-256:3D3C1A572462A8F1CE35F89C15A0DCF2A63EF4F4E57314FF3340586D0495B1F7
                                                            SHA-512:3C0DF68B63503CA636FA386DF1B877348BD921C7A6ABDB45E703F27A427680FB0FEB07353EE5F719E6E8B5D50EA1D68A2238B246A732490F8D344A8CA789036A
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JSON data
                                                            Category:downloaded
                                                            Size (bytes):461
                                                            Entropy (8bit):4.696712629429717
                                                            Encrypted:false
                                                            SSDEEP:12:fs0rH/wuu4axh73bg66/o66uObLkb8dMbuSauwb:fs0rf/naxh73bg66/o66cbnzQb
                                                            MD5:2B2E4801BC2BACD8459D49137AD31E7E
                                                            SHA1:EF1A05FBF0FEF0B95F51D5A1BBBAE91A37153B03
                                                            SHA-256:1BABE618F1D9CBACA7F582B39DE91FBF77F41AD5EBAAC8B2A26EFA80E742B3C2
                                                            SHA-512:71429550370FAEBC9D3DA1D6FD10AAF7290E6D77A0B7D0E0F5F72D3020053FE246D3899A7FCC4F289B7985B7FE526DC98485530896A1ADD0E6A263953AA85CA6
                                                            Malicious:false
                                                            URL:https://app.prntscr.com/manifest.json
                                                            Preview:{. "short_name": "Lightshot",. "name": "Lightshot",. "icons": [{. "src": "//st.prntscr.com/2023/07/24/0635/img/icon-lightshot-144.png",. "type": "image/png",. "sizes": "144x144". }],. "display": "standalone",. "start_url": ".",. "prefer_related_applications": true,. "related_applications": [. {. "platform": "play",. "url": "https://play.google.com/store/apps/details?id=com.prntscr.app",. "id": "com.prntscr.app". }. ].}
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (3824), with no line terminators
                                                            Category:downloaded
                                                            Size (bytes):3824
                                                            Entropy (8bit):5.187625115368997
                                                            Encrypted:false
                                                            SSDEEP:96:ttsnAhgoOrtmc7O+OmOa8eFnN1fPJ/pe6WRF:8oO5mc7O+OmOfeFnbfhoF
                                                            MD5:5DB3B16482A2FE81B7D2FDA027F2E848
                                                            SHA1:3DF0E95286E5003218147C0AE7974A84C06A14FC
                                                            SHA-256:D91D13FD8F9D253A8213AEEE7EBAA7E073683FC600A3D82902C3C669B8FFDEE7
                                                            SHA-512:14DA95EDCFCA908653A4F8ADCA20BC63ECF0A9E611E194B6F71BE6EAC5C206E0080BA200069B3D34F378DE59FC1A59F8806BF2B0F598B1321A4A89F56729104E
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/css/jquery.smartbanner.css
                                                            Preview:#smartbanner{position:absolute;left:0;top:-82px;border-bottom:1px solid #e8e8e8;width:100%;height:78px;font-family:'Helvetica Neue',sans-serif;background:-webkit-linear-gradient(top,#f4f4f4 0,#cdcdcd 100%);background-image:-ms-linear-gradient(top,#f4f4f4 0,#cdcdcd 100%);background-image:-moz-linear-gradient(top,#f4f4f4 0,#cdcdcd 100%);box-shadow:0 1px 2px rgba(0,0,0,0.5);z-index:9998;-webkit-font-smoothing:antialiased;overflow:hidden;-webkit-text-size-adjust:none}#smartbanner,html.sb-animation{-webkit-transition:all .3s ease}#smartbanner .sb-container{margin:0 auto}#smartbanner .sb-close{position:absolute;left:5px;top:5px;display:block;border:2px solid #fff;width:14px;height:14px;font-family:'ArialRoundedMTBold',Arial;font-size:15px;line-height:15px;text-align:center;color:#fff;background:#070707;text-decoration:none;text-shadow:none;border-radius:14px;box-shadow:0 2px 3px rgba(0,0,0,0.4);-webkit-font-smoothing:subpixel-antialiased}#smartbanner .sb-close:active{font-size:13px;color:#aa
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 10 x 18, 8-bit gray+alpha, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):330
                                                            Entropy (8bit):7.169767400609738
                                                            Encrypted:false
                                                            SSDEEP:6:6v/lhPY05MUNgiRVey7+azrr2lVsdCTlbKLEP3h0BP4GRB/sup:6v/77vNgsB+a44CTlca30gkB1
                                                            MD5:501E76991AAEB576DBD650814D49EDD5
                                                            SHA1:52E31429F64185D9E8165709972F014991B71C13
                                                            SHA-256:8233E5CD58B6CEBC03F28AEC9B7043857D363C8D2CFD3B8CE06AA0B41D8FA031
                                                            SHA-512:2F9F85CCBB28B50D1174A41F1D31D55E1E2B93AECF1ABCE81A92E62D7353F300F3C09E60CEED18FB371A417F108EA027FB3671EA2CA9CBDE8DDC4D004EF261FB
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 130 x 40, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):5502
                                                            Entropy (8bit):7.9495853477255585
                                                            Encrypted:false
                                                            SSDEEP:96:NfAxiPDjTkJIfSw2Q1EMzJXRxa+IdOoTKqARJ4y+g/DhLlrDv4dA9Itu34crTEuD:BAxsjIIfzP64Ju+4OoTKdJJZxpDwdA7R
                                                            MD5:5FB445992F5D9F18F21366A68C04C79B
                                                            SHA1:D232212C1D6D3D1328C4EE7346A5C9565381EC41
                                                            SHA-256:F665C6AC00095F06B8A9D5CD2ADCF485ABBBDE02C4CB0F3C7DD2D00CEEB16D33
                                                            SHA-512:E43CB4D4F91E06CA37E5425FDAC9DFA55B149AC66D3EAAA055A04BDBE4679637F4C78753EB34A6DE712C70B14D5304E9C4B21C5F17270442E41122432D2C55B6
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):314
                                                            Entropy (8bit):7.2592266008843955
                                                            Encrypted:false
                                                            SSDEEP:6:Ck5Z7lW6vR4qrRPYKEmZtizSCK8NW3Cc36EEAUmEjCAnBovay+ofFQ7fBlqL4JOB:nBWSR4q9LFtizSCnc3DEA/Ej1iay+sFf
                                                            MD5:AFB5B381A652A5A0B6331E4FC0796A04
                                                            SHA1:1510E2684ECE7901F1BA53A427D41DDBDE460A19
                                                            SHA-256:E926F30958D0C21D088E6A671D3356A3C3FAB9CC6220B8E408F19D868A7DC5C8
                                                            SHA-512:253AA27F3F654B5607039F45405A904A6250A9C8F5F603FC247223F8C7E76FEC5A138EA9D56954020469A56F76C0023B8B827D87CB925B59072FE880C8ABF9A9
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/button-download.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 48 x 49, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):2290
                                                            Entropy (8bit):7.900657810217616
                                                            Encrypted:false
                                                            SSDEEP:48:utcKlcP731WEFWct1M+cAEFwOY+lq5bh5qgIcZl/PhMlolHB0N:tPrn12AHFLqjcZJbB0N
                                                            MD5:7F5C239E36E8E650EB086191FD5FAC3F
                                                            SHA1:D2A8060595CE8D39980F9B46CB870E0B45A29F07
                                                            SHA-256:BDA17A8DFF9C8A51F73F873F59059DDA749B62A2D8D0351670DBD1906FC1CA64
                                                            SHA-512:4CCCEACBD703E077A2EF5FED3E289CEAC5B9D6FBF3F57C02D2F50C1826E5271DCFB5FB2A184F0011A06BB8DE1BB97EE2E067ECDD27B2B5B1F2A21DF48665FF07
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):13345
                                                            Entropy (8bit):7.960747193342878
                                                            Encrypted:false
                                                            SSDEEP:384:T76O+G04d3pNchE2tHy0JQ4UTLd9kaGW/t:SOnpvYu0JQ4UTLd9kzW/t
                                                            MD5:F744AFD6B6906B5A054CAC70495EF235
                                                            SHA1:FF50F79B3B9E3A330716109E4D00EE54A12F4B59
                                                            SHA-256:B890A00C7D63C35EEA4360E7C35D069665FD3764563F2E0E93BEDA847087893C
                                                            SHA-512:E8A866994E34A529D4960798EE3794EA9E7E4BFAA246C9E789DE86F468A1A0E6283C303706A29A77BD8671F84D24159C195918DB92882A4D494B76D66D18FF59
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (5945)
                                                            Category:downloaded
                                                            Size (bytes):262931
                                                            Entropy (8bit):5.569376710786632
                                                            Encrypted:false
                                                            SSDEEP:6144:E3OpmFU7Flq04d7G3BsEemveKNoH0fxnQZ:i3W7FQnhitg
                                                            MD5:BDA263F27E5A89126F1974A3483F7290
                                                            SHA1:5B64A18E93E2A5E092BBC63DD21015AC73C0A4E6
                                                            SHA-256:7F8CDB3E5CE7DA6DF8ED06813C4450E08EA1A3808F8E6E5EAFA335E957CF54FC
                                                            SHA-512:FB34B8397E545BEAC0BC8FA7C806E1F0D80323B55A8241A3983C589B3885BAE7B71C78D8DA4ED5B016CEBF7BBC5723F79639203FDCF2C0DB6882C7E330000E46
                                                            Malicious:false
                                                            URL:https://www.googletagmanager.com/gtag/js?id=G-0DR1D0LZJH
                                                            Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_dma","priority":6,"vtp_delegationMode":"ON","vtp_dmaDefault":"DENIED","tag_id":8},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_las
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:Unicode text, UTF-8 text, with very long lines (65480)
                                                            Category:dropped
                                                            Size (bytes):93435
                                                            Entropy (8bit):5.372924511876392
                                                            Encrypted:false
                                                            SSDEEP:1536:bYUfBybwh3KRI83RExoulFXo7CkSsz/G0bSVze/3260eMSTC5bqYKKhwFvxizJSM:XIi3kIP9kSsgo/ZvxYrtPTKCNtHyUtCg
                                                            MD5:0B6ECF17E30037994D3FFEE51B525914
                                                            SHA1:D09D3A99ED25D0F1FBE6856DE9E14FFD33557256
                                                            SHA-256:F554D2F09272C6F71447EBFE4532D3B1DD1959BCE669F9A5CCC99E64EF511729
                                                            SHA-512:468C0F964014D76EC5966F5589B2CCC0A7B5F3E8A785134897DFA282A3E6824CE9A75584C9404B77A6962FEF99547356AABE8AA71A6499E2568B9DE792D90579
                                                            Malicious:false
                                                            Preview:/*! jQuery v1.8.2 jquery.com | jquery.org/license */.(function(a,b){function G(a){var b=F[a]={};return p.each(a.split(s),function(a,c){b[c]=!0}),b}function J(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(I,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:+d+""===d?+d:H.test(d)?p.parseJSON(d):d}catch(f){}p.data(a,c,d)}else d=b}return d}function K(a){var b;for(b in a){if(b==="data"&&p.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function ba(){return!1}function bb(){return!0}function bh(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function bi(a,b){do a=a[b];while(a&&a.nodeType!==1);return a}function bj(a,b,c){b=b||0;if(p.isFunction(b))return p.grep(a,function(a,d){var e=!!b.call(a,d,a);return e===c});if(b.nodeType)return p.grep(a,function(a,d){return a===b===c});if(typeof b=="string"){var d=p.grep(a,function(a){return a.nodeType===1});if(be.test(b))return p.filter(b,d,!c);b=p.filter(b,
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 18 x 15, 8-bit gray+alpha, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):419
                                                            Entropy (8bit):7.33871138156174
                                                            Encrypted:false
                                                            SSDEEP:12:6v/7ykPiBJgUTsrwyA+uYP15FRNDshUpt583+j4Q6/:DRYrwyARYdbDsqu3+m
                                                            MD5:9E26EA7DE9267D35A9DFBFFA4E6717A5
                                                            SHA1:DDBACFDEC48C3B642FD55B1F083A9E696168FBA9
                                                            SHA-256:6C15D1C4B5BC3A534AD636F054168FEEE6518E1D5BE014395B9AA2544229D652
                                                            SHA-512:739DBDBE36D72AEC3C80ECD14CF79E140D2331AE1CB9BA4A80007346F39661EF0C0A6C0DE1BBF582EE3A694A14C778C2507742753857BDC656A4583A7603F245
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (5945)
                                                            Category:dropped
                                                            Size (bytes):262947
                                                            Entropy (8bit):5.569579522562461
                                                            Encrypted:false
                                                            SSDEEP:6144:E3OpmFU7Ylq04d7G3BsEemveKNoH0fxnQG:i3W7YQnhit/
                                                            MD5:A6B599741F9F26CA84D9C4C9002490C6
                                                            SHA1:98B9EC14B7D364E9FD82C3DF856571FF2AFA22C3
                                                            SHA-256:582180D5B570E94FF30718D50E57C6ECAA9B73A55A384B582308B1BF49B4C2AB
                                                            SHA-512:0A5593DAB1C82FDB1E2A99C5861A6FE42EA62E605C3D0D505D6B06AF6E06D567255844F2432637BBD69F181307F14E9A3D5DFC21ABC930A290787F2E78179446
                                                            Malicious:false
                                                            Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_dma","priority":6,"vtp_delegationMode":"ON","vtp_dmaDefault":"DENIED","tag_id":8},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_las
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):4148
                                                            Entropy (8bit):7.9478773577631925
                                                            Encrypted:false
                                                            SSDEEP:96:OwXxklVfNTksVWwSiwMZsEjkTXFRQNF7RXhsYS9lYQl2RqCIY:/XmRJVWwSiFtNF7RRsYMl8d
                                                            MD5:F1CCCB5B43A3372786ECFA9D438D3C9F
                                                            SHA1:F61E08DAED87EFA7A3D41FCF7014E165FE4AF243
                                                            SHA-256:40EC0B04019845302A5052B4689B5D3477C9717DCA73243E5FAF7CF98F3AF564
                                                            SHA-512:70EFB5D33D1758BA99ABEE2AE4E9D44C43AD2C342BA786959B64E2C06A4DE402C8D2E33725BFE67DEDBED45E253C8A10164AE71EC3ADADF49EF7BDCB0C0ED383
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/header-logo.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                            Category:dropped
                                                            Size (bytes):5430
                                                            Entropy (8bit):3.6491473639041745
                                                            Encrypted:false
                                                            SSDEEP:48:Z+kTWdkux/gN9JwAmpLS+XfnZDPXs5HVkbuYolc:ZrAxY9mlS+/NP85CaI
                                                            MD5:FEB7CA0515D4660FC15FC4F42C8904EF
                                                            SHA1:4CF8B8A1BFF5DF3E74A7461913B502EAEE0A4937
                                                            SHA-256:B50109BB17A40D032CB6EE83163E10D220E0D19A19192CB71950063070888570
                                                            SHA-512:A6D02AEF62F841795A1F7EE6567072F625C31F6BF61DD73D2FFBD022CE429864B5C94E9C1B7A1D20110ADCCB0FA496898C186CEBBF529C69DD9E6CC5D1A4A036
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):1630
                                                            Entropy (8bit):7.852212344214907
                                                            Encrypted:false
                                                            SSDEEP:48:pqh7TFB3/k1QRQ9aBoql4kSkOByRt0foJnKjQS6eF:kh/FB3/k6QgqSzdOVsKMtI
                                                            MD5:63F4E69FE7BD212EACB0D2F0AF39F977
                                                            SHA1:FE1A1C3DC4B8EDA5D993C8060E7EA29C47DD8EF1
                                                            SHA-256:0AC4E86FBD08F5294F4FCBD8E2D81DFAD75F8C8F38EB167A809F2AF5A0BF2B15
                                                            SHA-512:1BB7B27C0F1F5E6F9C29F6A1A04B955231A0ACA53F844E87BBF4F01092A409926CC70490B0F9DAD76683C16A6FAB92103EB291B44FA0E5CFEAB5DD3697A275E6
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/helper-share.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JPEG image data, progressive, precision 8, 480x317, components 3
                                                            Category:dropped
                                                            Size (bytes):29907
                                                            Entropy (8bit):7.948306889678443
                                                            Encrypted:false
                                                            SSDEEP:768:hlWxXo/qmcQg19rfYOKP99IO08ahSZROs8RvJgKrSJ/dgjr2:hlWxXo/qblfsP99IO0thSZcsC2/dcr2
                                                            MD5:713C2AD92E9B72A27B60A80E1B2694FE
                                                            SHA1:2D1091A214118419D5A6D7509740339DEBB95351
                                                            SHA-256:DCFBD734B6107E93CE118C60CD927EEABC2A8C8F4CF9FE2F5E82B36E40604D7F
                                                            SHA-512:EF9308D6DA6C3EB186A6DA329DC42F83D1FD0C5F2E00DE9B6712E93E49F7C7ED259D3087B7FD1B22EFF40CDDCC06826E2EDF7D900C34E9F1D4F1CB7F91BCFC78
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):296
                                                            Entropy (8bit):7.261204855599398
                                                            Encrypted:false
                                                            SSDEEP:6:Qk5ZC1hIwGl5Bxnjz04hRGM6wW1Rx+AW+8cs4OBVOJKo/jUs0HVsI:QJ+HnPthYM6xdccUcUN1R
                                                            MD5:390610A68082DC74215C5B8DE98385B4
                                                            SHA1:240CCE13E1CC494F078C1A8AF46467EFEBCF63E0
                                                            SHA-256:A093D2047E1A59B7103810B947780E5F94D865915CB923EBCAA7E50F557C2102
                                                            SHA-512:F76F90687FF263BC0EA345C02CE8CFA835C63BB85100A81397180317BDAC823B698153DB259B0CF1DC0677D257AFD48B4FE244E4A76D37ADC854151A7FF28CF5
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/icon-facebook_gscale.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 160 x 160, 8-bit grayscale, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):5822
                                                            Entropy (8bit):7.953567269449597
                                                            Encrypted:false
                                                            SSDEEP:96:FxXDcVufZHu81jXDK0FvwSnOlNzcnLJvryyQTZUk0ATauKoZZxFfuhYxTYDfjlH0:vAV4I2jX/vwSnOlNzcLJzypT70IhZ7fJ
                                                            MD5:2C7D410CF19E9FC3C3CFDE0A5199952A
                                                            SHA1:87637958B2EEEDBBFFDA414EB5EBAD1D447FD4E7
                                                            SHA-256:87959416DDCED4D21E869AB9578E54B44F857A1278FA3AF9B7D64B7FCFD64310
                                                            SHA-512:AFE8483573E048B2D2719F3204E958905DCBFFBF776EE7D2E0C4BC95B2C5B7D9B45B1836583BB9446AD61BF62BF2E7282865EB58D506749DEF0318DCFE080E85
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (7794)
                                                            Category:downloaded
                                                            Size (bytes):7884
                                                            Entropy (8bit):5.23928499975092
                                                            Encrypted:false
                                                            SSDEEP:96:XMV9c53Loelt529jDEc5nfuExtJ6hAFRW2T4OI4BLnL6RUhqp/:cVqLltojDEcnhDC2UM0zp/
                                                            MD5:7343B4524A5E03B6AE269C79AABB1EE1
                                                            SHA1:0C30FE4E299C5696A7DD71912B3430F1D6EA1847
                                                            SHA-256:4012E72340A8FE919A143F73D348B6A79351BC48771C8BA2B1FAB35C4EC37B4A
                                                            SHA-512:15821ADA4E25474CBD0DEB5DF62B8E1815C78DA382C7E9744A3561A4320C17589EAB99CD9EC24A9872CED4BE2FCC4F107CCB74C18266550E9042DB09E319A298
                                                            Malicious:false
                                                            URL:https://app.prntscr.com/en/thankyou_desktop.html
                                                            Preview:<!DOCTYPE HTML> [if lt IE 9]><html lang="en" class="ie-old"><![endif]--> [if (gt IE 8)|!(IE)]> ><html lang="en"> <![endif]--><head><meta charset="utf-8"> <title>Lightshot . screenshot tool for Mac & Win</title> <link rel="stylesheet" href="//st.prntscr.com/2023/07/24/0635/css/main.css"/> <script src="//st.prntscr.com/2023/07/24/0635/js/jquery.1.8.2.min.js" type="text/javascript"></script> <script src="//st.prntscr.com/2023/07/24/0635/js/script.mix.js"></script> <script>(function(d,e,j,h,f,c,b){d.GoogleAnalyticsObject=f;d[f]=d[f]||function(){(d[f].q=d[f].q||[]).push(arguments)},d[f].l=1*new Date();c=e.createElement(j),b=e.getElementsByTagName(j)[0];c.async=1;c.src=h;b.parentNode.insertBefore(c,b)})(window,document,"script","//www.google-analytics.com/analytics.js","ga");ga("create","UA-34258828-1","auto");ga("send","pageview");</script> <script async src="https://www.googletagmanager.com/gtag/js?id=G-0DR1D0LZJH"></script> <script>window.dataLayer=window.dataLayer||[];fun
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):2070
                                                            Entropy (8bit):7.895264399824082
                                                            Encrypted:false
                                                            SSDEEP:48:i2Fc0Vd66nwxiVEK+6V+R2bLOX/NF4d7umURKvSoiNdjoVzb:tx66E61+kaFF41PURKKNdjoVP
                                                            MD5:120C7CB01E5BB9B5D5E2F31DC97A7035
                                                            SHA1:276D30B08DC787589F951BB86C84925D89850DC5
                                                            SHA-256:4CFD2E3BACA2834CBC754DB2D93D2C8C354EA002A40F3FCD4C7B1BE04D009961
                                                            SHA-512:C834526FE72D22833F7D32FAD82919BCCE27C35D6A926C68E1620377AD75C516564972804680B6F74FC9687531F44B2E52ADF3323F397B6C798A6663A0F51EDA
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/helper-button.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):374
                                                            Entropy (8bit):7.352325311870949
                                                            Encrypted:false
                                                            SSDEEP:6:tZbTqkYvih6cz+uK0VUCmK3W2B3VlAfOftYvNEPwbzRE0WSrfs1BmtghlZ0gP3j:rVh7+yW2B3VLYFdzsSr2BKg9B3j
                                                            MD5:CE19DA53CCE24BD41E5E97E971AF191C
                                                            SHA1:08F9B8369EFE61C133E1AFBF2590BE4755FDC512
                                                            SHA-256:5A3A63B2AC124CB9A194EC01EA1F0D3123E4019BF658C6F47A77B4FAEA84C079
                                                            SHA-512:D62693D03478F88CC5F5B9AAF4902E07EC8B8C16EB226522AC1425D5022BCBAA60BDF0798F3FA2946A945DB290B289AF77D4ED782E3EBEA3468586156768EA65
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/icon-twitter_gscale.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:RIFF (little-endian) data, Web/P image
                                                            Category:downloaded
                                                            Size (bytes):40
                                                            Entropy (8bit):4.353055907333274
                                                            Encrypted:false
                                                            SSDEEP:3:Ql5ZrJVfUP4kn:Q3ZVVfUPp
                                                            MD5:B017299A2A7F172F9A19F622080A5E98
                                                            SHA1:2CD68BA5FB3AB8A882BD9EF7F7CC48E0F68C8F55
                                                            SHA-256:B6A1120CC303B1C6EE6D548A5B418C2707B59DE0C1F13C8AB870CA4E734B6ACC
                                                            SHA-512:B7E266764CE3EB2C4CBC423D0D6F1823F9C483DDAD09A199D1EB86B3EDD0F16D388DB72329829437AE442EEE7314F93249444FE7EB1901843A51026ADFC4496C
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/button-icon-sep.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 2 x 1, 8-bit gray+alpha, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):73
                                                            Entropy (8bit):4.376507324407265
                                                            Encrypted:false
                                                            SSDEEP:3:yionv//thPlto/sOyxdsgyS5n9zslll2up:6v/lhPLAg15n5s/kup
                                                            MD5:6B44FED0D85EF838DF74D71AB4B2F598
                                                            SHA1:519426BE75783BA27AC7934DB401FDC5D1D4CEA6
                                                            SHA-256:74FC9790591889F425470AE79E7743B029B00BB62986CB58BFF19E502D30963E
                                                            SHA-512:D1FBFABF66F58A764364BC54ACA154F47641C836CAAC89F1154A27915C808B1F9459B9415BF17C97E4871D00EDCB171419739E3585B04D0C5D70BD27E6125199
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (19948), with no line terminators
                                                            Category:downloaded
                                                            Size (bytes):19948
                                                            Entropy (8bit):5.261902742187293
                                                            Encrypted:false
                                                            SSDEEP:384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65
                                                            MD5:EC18AF6D41F6F278B6AED3BDABFFA7BC
                                                            SHA1:62C9E2CAB76B888829F3C5335E91C320B22329AE
                                                            SHA-256:8A18D13015336BC184819A5A768447462202EF3105EC511BF42ED8304A7ED94F
                                                            SHA-512:669B0E9A545057ACBDD3B4C8D1D2811EAF4C776F679DA1083E591FF38AE7684467ABACEF5AF3D4AABD9FB7C335692DBCA0DEF63DDAC2CD28D8E14E95680C3511
                                                            Malicious:false
                                                            URL:https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
                                                            Preview:!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)||"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n||0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e||{}).random||(e.rng||r)();if(
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (2343)
                                                            Category:downloaded
                                                            Size (bytes):52916
                                                            Entropy (8bit):5.51283890397623
                                                            Encrypted:false
                                                            SSDEEP:768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
                                                            MD5:575B5480531DA4D14E7453E2016FE0BC
                                                            SHA1:E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
                                                            SHA-256:DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
                                                            SHA-512:174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
                                                            Malicious:false
                                                            URL:https://www.google-analytics.com/analytics.js
                                                            Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r||u();v=v||q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING||[];w.TAGGING[a]=!0};var ba=Array.isArray,c
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JPEG image data, progressive, precision 8, 480x317, components 3
                                                            Category:downloaded
                                                            Size (bytes):29907
                                                            Entropy (8bit):7.948306889678443
                                                            Encrypted:false
                                                            SSDEEP:768:hlWxXo/qmcQg19rfYOKP99IO08ahSZROs8RvJgKrSJ/dgjr2:hlWxXo/qblfsP99IO0thSZcsC2/dcr2
                                                            MD5:713C2AD92E9B72A27B60A80E1B2694FE
                                                            SHA1:2D1091A214118419D5A6D7509740339DEBB95351
                                                            SHA-256:DCFBD734B6107E93CE118C60CD927EEABC2A8C8F4CF9FE2F5E82B36E40604D7F
                                                            SHA-512:EF9308D6DA6C3EB186A6DA329DC42F83D1FD0C5F2E00DE9B6712E93E49F7C7ED259D3087B7FD1B22EFF40CDDCC06826E2EDF7D900C34E9F1D4F1CB7F91BCFC78
                                                            Malicious:false
                                                            URL:https://st.prntscr.com/2023/07/24/0635/img/img-pic-480.jpg
                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Entropy (8bit):7.774912772810246
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.94%
                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:setup-lightshot 1.exe
                                                            File size:2'786'328 bytes
                                                            MD5:a1f6923e771b4ff0df9fec9555f97c65
                                                            SHA1:545359cd68d0ee37f4b15e1a22c2c9a5fda69e22
                                                            SHA256:928c2808421dfd487ffa697379548cbe682c0e13aeb595eb89973ba9c515b8a1
                                                            SHA512:c9e54f48208151dcf60bf049d09a5c69f6ef7e4f046359fdfd50c61d49a6f9a37c3d3a2016d4beb70ae47270e9e9689e03064c02bee1e1d3d95998000e47f153
                                                            SSDEEP:49152:/i85nVhfVnQiGmEwZbyVKf3tOOr/o2rm0mMXgT11rNjiG0C+0LRzasw:a85nVZarmEwZecPzJWDLN+GwOnw
                                                            TLSH:A2D512C1A1A550B1E9A8B8F1B966D4112CF63CA84DC3544D3EF9F23E0472A87DD3A91F
                                                            File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                            Icon Hash:0c06920363ed6d19
                                                            Entrypoint:0x41181c
                                                            Entrypoint Section:.itext
                                                            Digitally signed:true
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x5B226D52 [Thu Jun 14 13:27:46 2018 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:5
                                                            OS Version Minor:0
                                                            File Version Major:5
                                                            File Version Minor:0
                                                            Subsystem Version Major:5
                                                            Subsystem Version Minor:0
                                                            Import Hash:20dd26497880c05caed9305b3c8b9109
                                                            Signature Valid:true
                                                            Signature Issuer:CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
                                                            Signature Validation Error:The operation completed successfully
                                                            Error Number:0
                                                            Not Before, Not After
                                                            • 30/05/2019 01:39:46 30/05/2022 01:39:46
                                                            Subject Chain
                                                            • CN=Kilonova LLC, O=Kilonova LLC, L=Seattle, S=Washington, C=US
                                                            Version:3
                                                            Thumbprint MD5:01CF5F0DB47B2689D338B977568A2CED
                                                            Thumbprint SHA-1:65F3B3CC35EFDEC600A6E68FF7A5C1DEF5054EC9
                                                            Thumbprint SHA-256:450898F0278E753151C321FF1A5C4CF37B7AE36B03A8214447A486D4D41A27E1
                                                            Serial:00C93423CE0C606667
                                                            Instruction
                                                            push ebp
                                                            mov ebp, esp
                                                            add esp, FFFFFFA4h
                                                            push ebx
                                                            push esi
                                                            push edi
                                                            xor eax, eax
                                                            mov dword ptr [ebp-3Ch], eax
                                                            mov dword ptr [ebp-40h], eax
                                                            mov dword ptr [ebp-5Ch], eax
                                                            mov dword ptr [ebp-30h], eax
                                                            mov dword ptr [ebp-38h], eax
                                                            mov dword ptr [ebp-34h], eax
                                                            mov dword ptr [ebp-2Ch], eax
                                                            mov dword ptr [ebp-28h], eax
                                                            mov dword ptr [ebp-14h], eax
                                                            mov eax, 0041015Ch
                                                            call 00007FAF987D476Dh
                                                            xor eax, eax
                                                            push ebp
                                                            push 00411EFEh
                                                            push dword ptr fs:[eax]
                                                            mov dword ptr fs:[eax], esp
                                                            xor edx, edx
                                                            push ebp
                                                            push 00411EBAh
                                                            push dword ptr fs:[edx]
                                                            mov dword ptr fs:[edx], esp
                                                            mov eax, dword ptr [00415B48h]
                                                            call 00007FAF987DCECBh
                                                            call 00007FAF987DCA1Ah
                                                            cmp byte ptr [00412AE0h], 00000000h
                                                            je 00007FAF987DF9EEh
                                                            call 00007FAF987DCFE0h
                                                            xor eax, eax
                                                            call 00007FAF987D2805h
                                                            lea edx, dword ptr [ebp-14h]
                                                            xor eax, eax
                                                            call 00007FAF987D9A4Bh
                                                            mov edx, dword ptr [ebp-14h]
                                                            mov eax, 00418658h
                                                            call 00007FAF987D2DDAh
                                                            push 00000002h
                                                            push 00000000h
                                                            push 00000001h
                                                            mov ecx, dword ptr [00418658h]
                                                            mov dl, 01h
                                                            mov eax, dword ptr [0040C04Ch]
                                                            call 00007FAF987DA362h
                                                            mov dword ptr [0041865Ch], eax
                                                            xor edx, edx
                                                            push ebp
                                                            push 00411E66h
                                                            push dword ptr fs:[edx]
                                                            mov dword ptr fs:[edx], esp
                                                            call 00007FAF987DCF3Eh
                                                            mov dword ptr [00418664h], eax
                                                            mov eax, dword ptr [00418664h]
                                                            cmp dword ptr [eax+0Ch], 01h
                                                            jne 00007FAF987DFA2Ah
                                                            Name | Virtual Address | Virtual Size | Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19000 | 0xe04 | .idata
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c000 | 0x64408 | .rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2a6a70 | 0x19a8 |
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x1b000 | 0x18 | .rdata
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x19304 | 0x214 | .idata
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xf25c | 0xf400 | 0da5d73ffbc41792fa65a09058a91476 | False | 0.5482197745901639 | data | 6.375879013420213 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x11000 | 0xfa4 | 0x1000 | 2eb275566563c3f1d0099a0da7345b74 | False | 0.563720703125 | data | 5.778765357049134 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x12000 | 0xc8c | 0xe00 | 73b859e23f5fd17e00c08db2e0e73dfe | False | 0.25362723214285715 | data | 2.3028287433175367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0x13000 | 0x56bc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x19000 | 0xe04 | 0x1000 | e9b9c0328fd9628ad4d6ab8283dcb20e | False | 0.321533203125 | data | 4.597812557707959 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x1a000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x1b000 | 0x18 | 0x200 | 3dffc444ccc131c9dcee18db49ee6403 | False | 0.05078125 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x1c000 | 0x64408 | 0x64600 | f4e2f1e3c96061c1389218e8762fe55d | False | 0.21693551525529264 | data | 4.905507363696471 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1c47c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6675531914893617
RT_ICON | 0x1c8e4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5098499061913696
RT_ICON | 0x1d98c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.41773858921161827
RT_ICON | 0x1ff34 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.3512045347189419
RT_ICON | 0x2415c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.25592984739145863
RT_ICON | 0x34984 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.19482498446607688
RT_STRING | 0x769ac | 0x68 | data | | | 0.6538461538461539
RT_STRING | 0x76a14 | 0xd4 | data | | | 0.5283018867924528
RT_STRING | 0x76ae8 | 0xa4 | data | | | 0.6524390243902439
RT_STRING | 0x76b8c | 0x2ac | data | | | 0.45614035087719296
RT_STRING | 0x76e38 | 0x34c | data | | | 0.4218009478672986
RT_STRING | 0x77184 | 0x294 | data | | | 0.4106060606060606
RT_RCDATA | 0x77418 | 0x82e8 | data | English | United States | 0.11261637622344235
RT_RCDATA | 0x7f700 | 0x10 | data | | | 1.5
RT_RCDATA | 0x7f710 | 0x150 | data | | | 0.8392857142857143
RT_RCDATA | 0x7f860 | 0x2c | data | | | 1.2045454545454546
RT_GROUP_ICON | 0x7f88c | 0x5a | data | English | United States | 0.7555555555555555
RT_VERSION | 0x7f8e8 | 0x4f4 | data | English | United States | 0.27602523659305994
RT_MANIFEST | 0x7fddc | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924
DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll | GetKeyboardType, LoadStringW, MessageBoxA, CharNextW
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
user32.dll | CreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW
kernel32.dll | WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW
comctl32.dll | InitCommonControls
kernel32.dll | Sleep
advapi32.dll | AdjustTokenPrivileges
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            Sep 27, 2024 08:30:29.107458115 CEST4434975193.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.107614040 CEST49751443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.126161098 CEST4434975293.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.126280069 CEST4434975293.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.126363039 CEST49752443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.129370928 CEST49750443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.129462957 CEST4434975093.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.129528046 CEST49750443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.161647081 CEST4434975393.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.161770105 CEST4434975393.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.161869049 CEST49753443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.169024944 CEST49751443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.169049025 CEST4434975193.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.259748936 CEST4434975493.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.262782097 CEST49754443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.313721895 CEST49752443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.313760042 CEST4434975293.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.360724926 CEST49753443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.360749960 CEST4434975393.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.362673998 CEST49754443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.362682104 CEST4434975493.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.363002062 CEST49754443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.363007069 CEST4434975493.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.384428024 CEST4975680192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:29.517618895 CEST8049756104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:29.517815113 CEST4975680192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:29.518033028 CEST4975680192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:29.522887945 CEST8049756104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:29.727675915 CEST4974080192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:29.740930080 CEST4434975493.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.740984917 CEST49754443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.740999937 CEST4434975493.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.741064072 CEST4434975493.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.741080999 CEST49754443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.741112947 CEST49754443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.745282888 CEST49754443192.168.2.493.158.134.119
                                                            Sep 27, 2024 08:30:29.745295048 CEST4434975493.158.134.119192.168.2.4
                                                            Sep 27, 2024 08:30:29.792835951 CEST4975780192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:29.797791004 CEST8049757104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:29.797874928 CEST4975780192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:29.798371077 CEST4975780192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:29.803163052 CEST8049757104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:30.000452995 CEST8049756104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:30.000873089 CEST4975680192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:30.175878048 CEST4975680192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:30.260159016 CEST8049757104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:30.260230064 CEST4975780192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:30.414067030 CEST5652753192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:30.418967962 CEST53565271.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:30.419148922 CEST5652753192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:30.420964003 CEST4975780192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:30.423974037 CEST53565271.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:30.749635935 CEST4972480192.168.2.4199.232.210.172
                                                            Sep 27, 2024 08:30:30.754848003 CEST8049724199.232.210.172192.168.2.4
                                                            Sep 27, 2024 08:30:30.754906893 CEST4972480192.168.2.4199.232.210.172
                                                            Sep 27, 2024 08:30:30.906583071 CEST5652753192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:30.916033030 CEST5652753192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:30.921026945 CEST53565271.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:30.921101093 CEST5652753192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:35.523133993 CEST56534443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:35.523171902 CEST44356534104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:35.523258924 CEST56534443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:35.523612022 CEST56534443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:35.523627996 CEST44356534104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:36.883158922 CEST56535443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:36.883199930 CEST44356535184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:36.883347034 CEST56535443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:36.884547949 CEST44356534104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:36.895304918 CEST56534443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:36.895322084 CEST44356534104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:36.896538019 CEST44356534104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:36.896682024 CEST56534443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:36.902642012 CEST56534443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:36.902803898 CEST44356534104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:36.904746056 CEST56534443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:36.904763937 CEST44356534104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:36.909492016 CEST56535443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:36.909514904 CEST44356535184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:36.945837975 CEST56534443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:37.038408041 CEST44356534104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:37.038508892 CEST44356534104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:37.038595915 CEST56534443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:37.196093082 CEST56534443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:37.196127892 CEST44356534104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:37.226322889 CEST56536443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:37.226351976 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:37.226435900 CEST56536443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:37.226679087 CEST56536443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:37.226692915 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:37.575944901 CEST44356535184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:37.576018095 CEST56535443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:37.611478090 CEST56535443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:37.611498117 CEST44356535184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:37.611725092 CEST44356535184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:37.658680916 CEST56535443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:37.667210102 CEST56535443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:37.684075117 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:37.684577942 CEST56536443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:37.684608936 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:37.684940100 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:37.685516119 CEST56536443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:37.685586929 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:37.685636997 CEST56536443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:37.707405090 CEST44356535184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:37.727406025 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:37.738013029 CEST56536443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.022133112 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.022167921 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.022197962 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.022224903 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.022245884 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.022272110 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.022283077 CEST44356535184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:38.022353888 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.022438049 CEST56536443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.022485971 CEST44356535184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:38.022645950 CEST56536443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.022752047 CEST56535443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:38.029350996 CEST56535443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:38.029371977 CEST44356535184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:38.029386044 CEST56535443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:38.029392958 CEST44356535184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:38.052644968 CEST56536443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.052663088 CEST44356536104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.094255924 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.094310999 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.094377041 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.094396114 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.094461918 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.094515085 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.094558001 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.094626904 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.094778061 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.094793081 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.094919920 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.094930887 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.094963074 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.095172882 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.095187902 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.121402025 CEST56540443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:38.121457100 CEST44356540184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:38.126571894 CEST56540443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:38.127397060 CEST56540443192.168.2.4184.28.90.27
                                                            Sep 27, 2024 08:30:38.127417088 CEST44356540184.28.90.27192.168.2.4
                                                            Sep 27, 2024 08:30:38.566628933 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.566909075 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.566936016 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.568734884 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.568814993 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.569906950 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.570049047 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.570367098 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.574625015 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.576842070 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.576867104 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.577972889 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.578289032 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.578922987 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.579037905 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.579088926 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.580869913 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.584754944 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.584779978 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.585841894 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.586395979 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.586901903 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.586982012 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.587065935 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.615400076 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.623402119 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.623729944 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.623744965 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.631397963 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.674052954 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.674083948 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.674098015 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.674110889 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.677687883 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.807496071 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.807518959 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.807636023 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.807723045 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.807729006 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.807729006 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.807756901 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.807775021 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.807949066 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808036089 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808099031 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808103085 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808104992 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.808130026 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808137894 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.808140039 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808157921 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.808166027 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808192968 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808197021 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.808207035 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808244944 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808252096 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.808258057 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808264971 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808286905 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808300018 CEST56537443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.808300018 CEST56538443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.808306932 CEST44356537104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808316946 CEST44356538104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808330059 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808358908 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808386087 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808413029 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808443069 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808482885 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808578014 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:38.808607101 CEST44356539104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:38.808651924 CEST56539443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.532418013 CEST56546443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.532507896 CEST56545443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.533875942 CEST56549443192.168.2.4104.16.79.73
                                                            Sep 27, 2024 08:30:39.533984900 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.534147978 CEST56548443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.534266949 CEST44356548104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.534423113 CEST56545443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.534677029 CEST56546443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.534693956 CEST44356545104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.534897089 CEST44356546104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.534914970 CEST56549443192.168.2.4104.16.79.73
                                                            Sep 27, 2024 08:30:39.534964085 CEST56548443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.534996033 CEST56545443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.535036087 CEST56546443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.535923958 CEST56543443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.535953045 CEST44356543104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.536303043 CEST56555443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.536338091 CEST44356555104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.537838936 CEST56555443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.538619041 CEST56555443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.538630962 CEST44356555104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.544111967 CEST56556443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.544157982 CEST44356556104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.544487953 CEST56557443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.544531107 CEST44356557104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.547842979 CEST56557443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.547844887 CEST56556443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.548664093 CEST56557443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.548682928 CEST44356557104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.548800945 CEST56556443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.548826933 CEST44356556104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.564165115 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.564227104 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.564256907 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.564299107 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.564805031 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.564832926 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.564884901 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.565901995 CEST56544443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.565932035 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.565943003 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.567255020 CEST56544443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.567405939 CEST44356547104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.570108891 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.573596001 CEST56544443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.573605061 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.575412035 CEST44356546104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.575423956 CEST44356545104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.578588963 CEST56548443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.578607082 CEST44356548104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.578613043 CEST56546443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.578613043 CEST56545443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.578613043 CEST56547443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.578629017 CEST56549443192.168.2.4104.16.79.73
                                                            Sep 27, 2024 08:30:39.578638077 CEST44356546104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.578639984 CEST44356547104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.578644037 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.578650951 CEST44356545104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.635092020 CEST56548443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.635118961 CEST56546443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.637192965 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.637245893 CEST56545443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.637245893 CEST56549443192.168.2.4104.16.79.73
                                                            Sep 27, 2024 08:30:39.638875008 CEST44356547104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.638945103 CEST44356547104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.642942905 CEST56547443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.643232107 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.643294096 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.643326044 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.643367052 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.643403053 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.643441916 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.643924952 CEST44356548104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.643956900 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.643996000 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.643996954 CEST44356548104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.644040108 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.644906998 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.646684885 CEST56549443192.168.2.4104.16.79.73
                                                            Sep 27, 2024 08:30:39.646717072 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.646723986 CEST56548443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.647727013 CEST44356546104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.647799015 CEST44356546104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.647937059 CEST44356545104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.648019075 CEST44356545104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.652313948 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.652604103 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.652672052 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.653019905 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.653069019 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.653143883 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.653716087 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.653763056 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.653795958 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.653847933 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.654643059 CEST56549443192.168.2.4104.16.79.73
                                                            Sep 27, 2024 08:30:39.654658079 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.654676914 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.654691935 CEST56546443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.654691935 CEST56545443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.654694080 CEST56544443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.654721975 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.654761076 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.654876947 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.654923916 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.655664921 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.655698061 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.655788898 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.655827045 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.656622887 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.656656981 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.656687975 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.656718969 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.669115067 CEST56544443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.669150114 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.669169903 CEST56549443192.168.2.4104.16.79.73
                                                            Sep 27, 2024 08:30:39.673453093 CEST56544443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.688693047 CEST56544443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.688698053 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.729629040 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.729712009 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.729787111 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.729880095 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.732088089 CEST56549443192.168.2.4104.16.79.73
                                                            Sep 27, 2024 08:30:39.735162973 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.735187054 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.736531019 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.736540079 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.736674070 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.737101078 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.737191916 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.737235069 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.740803003 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.740894079 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.740931034 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.740961075 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.741080999 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.741499901 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.741544962 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.741576910 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.741908073 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.742008924 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.746476889 CEST56544443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.754496098 CEST56544443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.779442072 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.782947063 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.782972097 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.786755085 CEST56544443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.786782980 CEST44356544104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.800534010 CEST56545443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.800555944 CEST44356545104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.800965071 CEST56558443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.800998926 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.801378012 CEST56546443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.801384926 CEST44356546104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.801734924 CEST56559443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.801785946 CEST44356559104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.802217007 CEST56558443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.802592039 CEST56559443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.803092003 CEST56548443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.803122044 CEST44356548104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.803303003 CEST56560443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.803338051 CEST44356560104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.804006100 CEST56547443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.804033041 CEST44356547104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.804210901 CEST56561443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.804241896 CEST44356561104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.804713011 CEST56558443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.804724932 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.804877996 CEST56559443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.804902077 CEST44356559104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.808442116 CEST56549443192.168.2.4104.16.79.73
                                                            Sep 27, 2024 08:30:39.808473110 CEST44356549104.16.79.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.808573961 CEST56560443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.808722019 CEST56561443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.809173107 CEST56560443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.809190035 CEST44356560104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.809451103 CEST56561443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.809478998 CEST44356561104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.828217030 CEST56562443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.828263998 CEST44356562104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.828386068 CEST56562443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.828860998 CEST56562443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.828882933 CEST44356562104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.832209110 CEST56563443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.832262993 CEST44356563104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.832365990 CEST56563443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.832578897 CEST56563443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.832595110 CEST44356563104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.833570004 CEST56564443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.833602905 CEST44356564104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.833842993 CEST56564443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.834270954 CEST56564443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.834284067 CEST44356564104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.839324951 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.844552994 CEST56565443192.168.2.4104.16.80.73
                                                            Sep 27, 2024 08:30:39.844595909 CEST44356565104.16.80.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.844671965 CEST56565443192.168.2.4104.16.80.73
                                                            Sep 27, 2024 08:30:39.844877958 CEST56565443192.168.2.4104.16.80.73
                                                            Sep 27, 2024 08:30:39.844892979 CEST44356565104.16.80.73192.168.2.4
                                                            Sep 27, 2024 08:30:39.853773117 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.853821993 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.853864908 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.853945017 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.853976965 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.853986979 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.854013920 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.854062080 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.854099989 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.854150057 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.854370117 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.854379892 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.854784012 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.855200052 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.855205059 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:39.855649948 CEST56553443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:39.859724998 CEST44356553104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.460033894 CEST44356559104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.460087061 CEST44356559104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.460131884 CEST44356559104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.460171938 CEST44356559104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.460294008 CEST44356559104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.463742018 CEST56565443192.168.2.4104.16.80.73
                                                            Sep 27, 2024 08:30:40.463953018 CEST56559443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.463953018 CEST56559443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.467222929 CEST56559443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.467250109 CEST44356559104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.480690002 CEST56558443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.487785101 CEST56578443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.487822056 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.489898920 CEST56578443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.490820885 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.490870953 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.490906954 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.490917921 CEST56558443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.490930080 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.491000891 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.491031885 CEST56558443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.491039038 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.491147995 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.491173983 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.491189957 CEST56578443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.491206884 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.491511106 CEST56558443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.491518974 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.491853952 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.491931915 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.492113113 CEST56558443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.492697001 CEST56558443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.492708921 CEST44356558104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.495222092 CEST56579443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.495265007 CEST44356579104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.495481968 CEST56579443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.495727062 CEST56579443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.495747089 CEST44356579104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.499025106 CEST56580443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.499052048 CEST44356580104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.499217987 CEST56580443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.499979973 CEST56580443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.500006914 CEST44356580104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.521122932 CEST44356567104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.521390915 CEST56567443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.521408081 CEST44356567104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.521960020 CEST44356567104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.522272110 CEST56567443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.522440910 CEST56567443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.522644997 CEST44356567104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.536689997 CEST44356565104.16.80.73192.168.2.4
                                                            Sep 27, 2024 08:30:40.536880970 CEST44356565104.16.80.73192.168.2.4
                                                            Sep 27, 2024 08:30:40.537017107 CEST44356565104.16.80.73192.168.2.4
                                                            Sep 27, 2024 08:30:40.537096024 CEST56565443192.168.2.4104.16.80.73
                                                            Sep 27, 2024 08:30:40.537245035 CEST56565443192.168.2.4104.16.80.73
                                                            Sep 27, 2024 08:30:40.537260056 CEST44356565104.16.80.73192.168.2.4
                                                            Sep 27, 2024 08:30:40.551877975 CEST44356566142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:30:40.552083969 CEST56566443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:30:40.552114964 CEST44356566142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:30:40.553123951 CEST44356566142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:30:40.553179979 CEST56566443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:30:40.554150105 CEST56566443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:30:40.554219007 CEST44356566142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:30:40.596848011 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.597094059 CEST56568443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.597116947 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.597453117 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.597826958 CEST56568443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.597894907 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.597974062 CEST56568443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.601229906 CEST56566443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:30:40.601248980 CEST44356566142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:30:40.633791924 CEST44356569104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.634131908 CEST56569443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.634162903 CEST44356569104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.634601116 CEST44356569104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.637780905 CEST56569443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.637918949 CEST56569443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.637918949 CEST44356569104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.639408112 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.645981073 CEST56567443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.647810936 CEST56568443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.647878885 CEST56566443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:30:40.657368898 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.657788992 CEST56570443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.657818079 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.658150911 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.658575058 CEST56570443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.658632994 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.658730984 CEST56570443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.677248001 CEST44356572104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.677484035 CEST56572443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.677508116 CEST44356572104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.677838087 CEST44356572104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.678147078 CEST56572443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.678208113 CEST44356572104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.678273916 CEST56572443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.679050922 CEST44356567104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.679099083 CEST44356567104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.679150105 CEST44356567104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.679250002 CEST56567443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.679709911 CEST56567443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.679729939 CEST44356567104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.683408976 CEST44356569104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.699407101 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.719410896 CEST44356572104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.743720055 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.743776083 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.743809938 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.743839025 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.743923903 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.744036913 CEST56568443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.744663000 CEST56568443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.744683981 CEST44356568104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.748130083 CEST56581443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.748176098 CEST44356581104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.748498917 CEST56581443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.748742104 CEST56581443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.748758078 CEST44356581104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.771234989 CEST56569443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.771315098 CEST56572443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.778107882 CEST44356569104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.778198004 CEST44356569104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.786358118 CEST56569443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.808439970 CEST44356572104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.808494091 CEST44356572104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.808552980 CEST44356572104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.816252947 CEST56572443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.817375898 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.817430019 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.817462921 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.817578077 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.823400974 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.831284046 CEST56570443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.862128019 CEST56572443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.862143993 CEST44356572104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.862837076 CEST56569443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.862873077 CEST44356569104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.863208055 CEST56570443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.863217115 CEST44356570104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.870673895 CEST56582443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.870701075 CEST44356582104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.871268034 CEST56582443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.871649981 CEST56583443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.871696949 CEST44356583104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.871840000 CEST56582443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.871850967 CEST44356582104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.872193098 CEST56584443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.872236967 CEST44356584104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.872426033 CEST56584443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.872499943 CEST56583443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.872873068 CEST56584443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.872889042 CEST44356584104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.873058081 CEST56583443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.873070955 CEST44356583104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.876804113 CEST56585443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.876835108 CEST44356585104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.877099991 CEST56585443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.877373934 CEST56585443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.877378941 CEST44356585104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.878050089 CEST44356576104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.878315926 CEST56576443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.878343105 CEST44356576104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.878678083 CEST44356576104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.879502058 CEST56576443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.879570961 CEST44356576104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.879611015 CEST56576443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.879653931 CEST56576443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.927412033 CEST44356576104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.950815916 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.951097012 CEST56578443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.951119900 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.951611996 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.951934099 CEST56578443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.952025890 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.952074051 CEST56578443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.969096899 CEST44356579104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.969356060 CEST56579443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.969389915 CEST44356579104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.970453978 CEST44356579104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.970515013 CEST56579443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.971411943 CEST56579443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.971506119 CEST44356579104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.971618891 CEST56579443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.974173069 CEST44356580104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.974391937 CEST56580443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.974405050 CEST44356580104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.974726915 CEST44356580104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.975047112 CEST56580443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.975109100 CEST44356580104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:40.975166082 CEST56580443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:40.995410919 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.013138056 CEST44356576104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.013210058 CEST44356576104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.013401985 CEST56576443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:41.013992071 CEST56576443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:41.014017105 CEST44356576104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.016056061 CEST56579443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:41.016073942 CEST44356579104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.019408941 CEST44356580104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.031286955 CEST56578443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:41.031348944 CEST56580443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:41.062328100 CEST56579443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:41.077287912 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.077347040 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.077395916 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.077436924 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.077471018 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.077502966 CEST56578443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:41.077523947 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.077862978 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.077970982 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.078813076 CEST56578443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:41.079005003 CEST56578443192.168.2.4104.23.140.12
                                                            Sep 27, 2024 08:30:41.079020977 CEST44356578104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.109755993 CEST44356580104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:30:41.109848022 CEST44356580104.23.140.12192.168.2.4
                                                            Sep 27, 2024 08:31:08.504115105 CEST4435659452.165.165.26192.168.2.4
                                                            Sep 27, 2024 08:31:08.504149914 CEST4435659452.165.165.26192.168.2.4
                                                            Sep 27, 2024 08:31:08.504175901 CEST4435659452.165.165.26192.168.2.4
                                                            Sep 27, 2024 08:31:08.504259109 CEST56594443192.168.2.452.165.165.26
                                                            Sep 27, 2024 08:31:08.504306078 CEST4435659452.165.165.26192.168.2.4
                                                            Sep 27, 2024 08:31:08.504374027 CEST56594443192.168.2.452.165.165.26
                                                            Sep 27, 2024 08:31:08.504868031 CEST4435659452.165.165.26192.168.2.4
                                                            Sep 27, 2024 08:31:08.504915953 CEST4435659452.165.165.26192.168.2.4
                                                            Sep 27, 2024 08:31:08.504931927 CEST56594443192.168.2.452.165.165.26
                                                            Sep 27, 2024 08:31:08.504950047 CEST4435659452.165.165.26192.168.2.4
                                                            Sep 27, 2024 08:31:08.504976988 CEST56594443192.168.2.452.165.165.26
                                                            Sep 27, 2024 08:31:08.505340099 CEST4435659452.165.165.26192.168.2.4
                                                            Sep 27, 2024 08:31:08.505394936 CEST56594443192.168.2.452.165.165.26
                                                            Sep 27, 2024 08:31:08.533308983 CEST56594443192.168.2.452.165.165.26
                                                            Sep 27, 2024 08:31:08.533348083 CEST4435659452.165.165.26192.168.2.4
                                                            Sep 27, 2024 08:31:08.533377886 CEST56594443192.168.2.452.165.165.26
                                                            Sep 27, 2024 08:31:08.533395052 CEST4435659452.165.165.26192.168.2.4
                                                            Sep 27, 2024 08:31:39.946667910 CEST56596443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:31:39.946718931 CEST44356596142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:31:39.946782112 CEST56596443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:31:39.947046995 CEST56596443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:31:39.947065115 CEST44356596142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:31:40.579911947 CEST44356596142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:31:40.580236912 CEST56596443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:31:40.580261946 CEST44356596142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:31:40.580585957 CEST44356596142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:31:40.580916882 CEST56596443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:31:40.580979109 CEST44356596142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:31:40.632406950 CEST56596443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:31:50.488737106 CEST44356596142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:31:50.490655899 CEST44356596142.250.184.196192.168.2.4
                                                            Sep 27, 2024 08:31:50.490714073 CEST56596443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:31:52.189750910 CEST56596443192.168.2.4142.250.184.196
                                                            Sep 27, 2024 08:31:52.189780951 CEST44356596142.250.184.196192.168.2.4
                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Sep 27, 2024 08:30:16.241909027 CEST138138192.168.2.4192.168.2.255
                                                            Sep 27, 2024 08:30:24.356829882 CEST6054253192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:24.918725967 CEST5286153192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:25.086724043 CEST53528611.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:25.087551117 CEST53605421.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:30.413708925 CEST53607971.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:35.496567965 CEST6181153192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:35.496886015 CEST5645153192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:35.502619028 CEST53594741.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:35.505862951 CEST53631211.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:35.506175995 CEST53618111.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:35.506367922 CEST53564511.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:35.513087034 CEST5284953192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:35.513257980 CEST6158853192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:35.522356033 CEST53528491.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:35.522737980 CEST53615881.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:37.289869070 CEST53508041.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:38.084460020 CEST5575653192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:38.084595919 CEST5920453192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:38.093425035 CEST53557561.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:38.093440056 CEST53592041.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:38.917829037 CEST6109453192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:38.918024063 CEST5510853192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:38.927400112 CEST53610941.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:38.927912951 CEST53551081.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:38.951010942 CEST6222753192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:38.951124907 CEST6500053192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:38.960273027 CEST53634051.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:38.960500956 CEST53622271.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:38.960639000 CEST53650001.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:38.962408066 CEST53641801.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:39.835798979 CEST6372953192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:39.835935116 CEST6225653192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:39.843301058 CEST53637291.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:39.843312979 CEST53622561.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:39.875669956 CEST6413053192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:39.875823975 CEST6133253192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:39.882514954 CEST53613321.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:39.882577896 CEST53641301.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:40.222671032 CEST53606241.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:40.379621029 CEST53575941.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:40.484493971 CEST5909153192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:40.484632969 CEST5651853192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:40.493973017 CEST53565181.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:40.494016886 CEST53590911.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:41.496694088 CEST6262153192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:41.496912003 CEST5992553192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:41.503397942 CEST53626211.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:41.505824089 CEST53599251.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:41.737226009 CEST5438953192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:41.737380028 CEST4917253192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:30:41.744512081 CEST53543891.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:41.748409986 CEST53491721.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:30:54.288911104 CEST53501261.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:31:13.023030043 CEST53618781.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:31:35.337723970 CEST53600951.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:31:35.781349897 CEST53627391.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:31:39.938438892 CEST5774253192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:31:39.938558102 CEST5018453192.168.2.41.1.1.1
                                                            Sep 27, 2024 08:31:39.945132971 CEST53577421.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:31:39.945254087 CEST53501841.1.1.1192.168.2.4
                                                            Sep 27, 2024 08:32:03.212084055 CEST53540311.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Sep 27, 2024 08:30:41.750731945 CEST | 192.168.2.4 | 1.1.1.1 | c20a | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 27, 2024 08:30:24.356829882 CEST | 192.168.2.4 | 1.1.1.1 | 0x4e11 | Standard query (0) | updater.prntscr.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:24.918725967 CEST | 192.168.2.4 | 1.1.1.1 | 0x592a | Standard query (0) | mc.yandex.ru | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:35.496567965 CEST | 192.168.2.4 | 1.1.1.1 | 0x2b0d | Standard query (0) | app.prntscr.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:35.496886015 CEST | 192.168.2.4 | 1.1.1.1 | 0xc442 | Standard query (0) | app.prntscr.com | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:35.513087034 CEST | 192.168.2.4 | 1.1.1.1 | 0x2ddd | Standard query (0) | app.prntscr.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:35.513257980 CEST | 192.168.2.4 | 1.1.1.1 | 0x26ee | Standard query (0) | app.prntscr.com | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:38.084460020 CEST | 192.168.2.4 | 1.1.1.1 | 0xfda6 | Standard query (0) | st.prntscr.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:38.084595919 CEST | 192.168.2.4 | 1.1.1.1 | 0x8710 | Standard query (0) | st.prntscr.com | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:38.917829037 CEST | 192.168.2.4 | 1.1.1.1 | 0x6e0d | Standard query (0) | st.prntscr.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:38.918024063 CEST | 192.168.2.4 | 1.1.1.1 | 0xb5c1 | Standard query (0) | st.prntscr.com | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:38.951010942 CEST | 192.168.2.4 | 1.1.1.1 | 0x6aba | Standard query (0) | static.cloudflareinsights.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:38.951124907 CEST | 192.168.2.4 | 1.1.1.1 | 0x586 | Standard query (0) | static.cloudflareinsights.com | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:39.835798979 CEST | 192.168.2.4 | 1.1.1.1 | 0xbd4d | Standard query (0) | static.cloudflareinsights.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:39.835935116 CEST | 192.168.2.4 | 1.1.1.1 | 0xd329 | Standard query (0) | static.cloudflareinsights.com | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:39.875669956 CEST | 192.168.2.4 | 1.1.1.1 | 0xff40 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:39.875823975 CEST | 192.168.2.4 | 1.1.1.1 | 0xa8dd | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:40.484493971 CEST | 192.168.2.4 | 1.1.1.1 | 0xc00b | Standard query (0) | api.prntscr.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:40.484632969 CEST | 192.168.2.4 | 1.1.1.1 | 0xb867 | Standard query (0) | api.prntscr.com | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:41.496694088 CEST | 192.168.2.4 | 1.1.1.1 | 0x3845 | Standard query (0) | app.prntscr.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:41.496912003 CEST | 192.168.2.4 | 1.1.1.1 | 0xd96 | Standard query (0) | app.prntscr.com | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:41.737226009 CEST | 192.168.2.4 | 1.1.1.1 | 0x50e | Standard query (0) | api.prntscr.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:41.737380028 CEST | 192.168.2.4 | 1.1.1.1 | 0xa514 | Standard query (0) | api.prntscr.com | 65 | IN (0x0001) | false
Sep 27, 2024 08:31:39.938438892 CEST | 192.168.2.4 | 1.1.1.1 | 0x2821 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:31:39.938558102 CEST | 192.168.2.4 | 1.1.1.1 | 0x43c1 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 27, 2024 08:30:25.086724043 CEST | 1.1.1.1 | 192.168.2.4 | 0x592a | No error (0) | mc.yandex.ru | | 93.158.134.119 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:25.086724043 CEST | 1.1.1.1 | 192.168.2.4 | 0x592a | No error (0) | mc.yandex.ru | | 77.88.21.119 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:25.086724043 CEST | 1.1.1.1 | 192.168.2.4 | 0x592a | No error (0) | mc.yandex.ru | | 87.250.250.119 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:25.086724043 CEST | 1.1.1.1 | 192.168.2.4 | 0x592a | No error (0) | mc.yandex.ru | | 87.250.251.119 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:25.087551117 CEST | 1.1.1.1 | 192.168.2.4 | 0x4e11 | No error (0) | updater.prntscr.com | | 104.23.140.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:25.087551117 CEST | 1.1.1.1 | 192.168.2.4 | 0x4e11 | No error (0) | updater.prntscr.com | | 104.23.139.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:35.506175995 CEST | 1.1.1.1 | 192.168.2.4 | 0x2b0d | No error (0) | app.prntscr.com | | 104.23.139.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:35.506175995 CEST | 1.1.1.1 | 192.168.2.4 | 0x2b0d | No error (0) | app.prntscr.com | | 104.23.140.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:35.506367922 CEST | 1.1.1.1 | 192.168.2.4 | 0xc442 | No error (0) | app.prntscr.com | | | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:35.522356033 CEST | 1.1.1.1 | 192.168.2.4 | 0x2ddd | No error (0) | app.prntscr.com | | 104.23.140.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:35.522356033 CEST | 1.1.1.1 | 192.168.2.4 | 0x2ddd | No error (0) | app.prntscr.com | | 104.23.139.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:35.522737980 CEST | 1.1.1.1 | 192.168.2.4 | 0x26ee | No error (0) | app.prntscr.com | | | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:38.093425035 CEST | 1.1.1.1 | 192.168.2.4 | 0xfda6 | No error (0) | st.prntscr.com | | 104.23.140.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:38.093425035 CEST | 1.1.1.1 | 192.168.2.4 | 0xfda6 | No error (0) | st.prntscr.com | | 104.23.139.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:38.093440056 CEST | 1.1.1.1 | 192.168.2.4 | 0x8710 | No error (0) | st.prntscr.com | | | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:38.927400112 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e0d | No error (0) | st.prntscr.com | | 104.23.140.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:38.927400112 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e0d | No error (0) | st.prntscr.com | | 104.23.139.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:38.927912951 CEST | 1.1.1.1 | 192.168.2.4 | 0xb5c1 | No error (0) | st.prntscr.com | | | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:38.960500956 CEST | 1.1.1.1 | 192.168.2.4 | 0x6aba | No error (0) | static.cloudflareinsights.com | | 104.16.79.73 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:38.960500956 CEST | 1.1.1.1 | 192.168.2.4 | 0x6aba | No error (0) | static.cloudflareinsights.com | | 104.16.80.73 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:38.960639000 CEST | 1.1.1.1 | 192.168.2.4 | 0x586 | No error (0) | static.cloudflareinsights.com | | | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:39.843301058 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd4d | No error (0) | static.cloudflareinsights.com | | 104.16.80.73 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:39.843301058 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd4d | No error (0) | static.cloudflareinsights.com | | 104.16.79.73 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:39.843312979 CEST | 1.1.1.1 | 192.168.2.4 | 0xd329 | No error (0) | static.cloudflareinsights.com | | | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:39.882514954 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8dd | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:39.882577896 CEST | 1.1.1.1 | 192.168.2.4 | 0xff40 | No error (0) | www.google.com | | 142.250.184.196 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:40.493973017 CEST | 1.1.1.1 | 192.168.2.4 | 0xb867 | No error (0) | api.prntscr.com | | | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:40.494016886 CEST | 1.1.1.1 | 192.168.2.4 | 0xc00b | No error (0) | api.prntscr.com | | 104.23.140.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:40.494016886 CEST | 1.1.1.1 | 192.168.2.4 | 0xc00b | No error (0) | api.prntscr.com | | 104.23.139.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:41.503397942 CEST | 1.1.1.1 | 192.168.2.4 | 0x3845 | No error (0) | app.prntscr.com | | 104.23.139.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:41.503397942 CEST | 1.1.1.1 | 192.168.2.4 | 0x3845 | No error (0) | app.prntscr.com | | 104.23.140.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:41.505824089 CEST | 1.1.1.1 | 192.168.2.4 | 0xd96 | No error (0) | app.prntscr.com | | | 65 | IN (0x0001) | false
Sep 27, 2024 08:30:41.744512081 CEST | 1.1.1.1 | 192.168.2.4 | 0x50e | No error (0) | api.prntscr.com | | 104.23.140.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:41.744512081 CEST | 1.1.1.1 | 192.168.2.4 | 0x50e | No error (0) | api.prntscr.com | | 104.23.139.12 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:30:41.748409986 CEST | 1.1.1.1 | 192.168.2.4 | 0xa514 | No error (0) | api.prntscr.com | | | 65 | IN (0x0001) | false
Sep 27, 2024 08:31:39.945132971 CEST | 1.1.1.1 | 192.168.2.4 | 0x2821 | No error (0) | www.google.com | | 142.250.184.196 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 08:31:39.945254087 CEST | 1.1.1.1 | 192.168.2.4 | 0x43c1 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                                            • slscr.update.microsoft.com
                                                            • mc.yandex.ru
                                                            • app.prntscr.com
                                                            • https:
                                                              • st.prntscr.com
                                                              • static.cloudflareinsights.com
                                                              • api.prntscr.com
                                                            • fs.microsoft.com
                                                            • updater.prntscr.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 104.23.140.12 | 80 | 792 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 08:30:25.100081921 CEST | 302 | OUT | GET /getver/updater?ping=true HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: updater.prntscr.com
                                                            Connection: Keep-Alive
Sep 27, 2024 08:30:25.583647966 CEST | 538 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:25 GMT
                                                            Content-Type: text/xml
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            Expires: Fri, 27 Sep 2024 19:29:43 GMT
                                                            Cache-Control: max-age=86400
                                                            Last-Modified: Thu, 26 Sep 2024 19:29:43 GMT
                                                            CF-Cache-Status: HIT
                                                            Age: 38965
                                                            Vary: Accept-Encoding
                                                            Server: cloudflare
                                                            CF-RAY: 8c9971e97e098c0f-EWR
                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49756 | 104.23.140.12 | 80 | 4324 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 08:30:29.518033028 CEST | 292 | OUT | GET /getver/updater HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: updater.prntscr.com
                                                            Connection: Keep-Alive
Sep 27, 2024 08:30:30.000452995 CEST | 538 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:29 GMT
                                                            Content-Type: text/xml
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            Expires: Fri, 27 Sep 2024 15:36:29 GMT
                                                            Cache-Control: max-age=86400
                                                            Last-Modified: Thu, 26 Sep 2024 15:36:29 GMT
                                                            CF-Cache-Status: HIT
                                                            Age: 53516
                                                            Vary: Accept-Encoding
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972051abc78d6-EWR
                                                            Content-Encoding: gzip


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            2 | 192.168.2.4 | 49757 | 104.23.140.12 | 80 | 980 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Sep 27, 2024 08:30:29.798371077 CEST | 294 | OUT | GET /getver/lightshot HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: updater.prntscr.com
                                                            Connection: Keep-Alive
                                                            Sep 27, 2024 08:30:30.260159016 CEST | 545 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:30 GMT
                                                            Content-Type: text/xml
                                                            Transfer-Encoding: chunked
                                                            Connection: keep-alive
                                                            Expires: Fri, 27 Sep 2024 13:35:29 GMT
                                                            Cache-Control: max-age=86400
                                                            Last-Modified: Thu, 26 Sep 2024 13:35:29 GMT
                                                            CF-Cache-Status: HIT
                                                            Age: 49270
                                                            Vary: Accept-Encoding
                                                            Server: cloudflare
                                                            CF-RAY: 8c997206bd358c63-EWR
                                                            Content-Encoding: gzip
                                                            Data Raw: 39 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 45 cc 41 0e 82 30 10 00 c0 af f4 b6 27 b6 78 20 1a 43 e1 e6 0b f4 01 15 36 b4 49 d9 36 ed 56 78 be 89 12 7d c0 4c 3f ee 6b 50 2f ca c5 47 36 70 c2 16 14 f1 14 67 cf 8b 81 c7 fd d6 5c 60 1c fa 9a 66 2b a4 3c 0b db 95 0c 04 bf 38 29 2e 0a fc 6d 87 1d b6 78 06 e5 b9 88 0d 81 72 cd c1 80 13 49 57 ad bf 43 c6 94 59 ca 94 71 8a ab 7e 56 1f e6 a2 0b 49 4d cd af 6c 8e 08 69 27 50 9b b3 52 98 b6 cf 05 43 7f 44 c3 1b 24 fd f0 c8 b9 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: 9bEA0'x C6I6Vx}L?kP/G6pg\`f+<8).mxrIWCYq~VIMli'PRCD$0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            0 | 192.168.2.4 | 49736 | 52.165.165.26 | 443 | |
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:26 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wRU+RlmW167yutC&MD=pYEwBk3e HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Accept: */*
                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                            Host: slscr.update.microsoft.com
                                                            2024-09-27 06:30:26 UTC | 560 | IN | HTTP/1.1 200 OK
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            Content-Type: application/octet-stream
                                                            Expires: -1
                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                            MS-CorrelationId: 2cd8dfa0-5f15-493e-93c1-a0b2c62eb1e6
                                                            MS-RequestId: 955a5d82-bb1c-41ed-a81d-296bc41f38af
                                                            MS-CV: rdC/NjEbyEiG0aiF.0
                                                            X-Microsoft-SLSClientCache: 2880
                                                            Content-Disposition: attachment; filename=environment.cab
                                                            X-Content-Type-Options: nosniff
                                                            Date: Fri, 27 Sep 2024 06:30:25 GMT
                                                            Connection: close
                                                            Content-Length: 24490


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            1 | 192.168.2.4 | 49741 | 93.158.134.119 | 443 | 4432 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:27 UTC | 345 | OUT | GET /watch/44161209?page-url=%2Fusr%2FUpdater%2FAddProduct%2Fupdater&ut=noindex HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mc.yandex.ru
                                                            Connection: Keep-Alive
                                                            2024-09-27 06:30:27 UTC | 1243 | IN | HTTP/1.1 302 Moved temporarily
                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            Connection: Close
                                                            Date: Fri, 27 Sep 2024 06:30:27 GMT
                                                            Expires: Fri, 27-Sep-2024 06:30:27 GMT
                                                            Last-Modified: Fri, 27-Sep-2024 06:30:27 GMT
                                                            Location: /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FAddProduct%2Fupdater&ut=noindex&redirnss=1
                                                            Pragma: no-cache
                                                            Set-Cookie: yabs-sid=318014041727418627; Path=/
                                                            Set-Cookie: i=w8qrRTsHR0CAPt3xyBCWN1iqcMeb1wh5di7AIXjjSwVDsjFrJDne9tZAtaz93QkTeh89pfNSsigDTVsnhPnWQ/z6A8U=; Expires=Mon, 25-Sep-2034 06:30:24 GMT; Domain=.yandex.ru; Path=/; HttpOnly
                                                            Set-Cookie: yandexuid=9373816541727418627; Expires=Mon, 25-Sep-2034 06:30:24 GMT; Domain=.yandex.ru; Path=/
                                                            Set-Cookie: ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627; Expires=Sat, 27-Sep-2025 06:30:27 GMT; Domain=.yandex.ru; Path=/
                                                            Strict-Transport-Security: max-age=31536000
                                                            Transfer-Encoding: chunked
                                                            X-XSS-Protection: 1; mode=block
                                                            2024-09-27 06:30:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            2 | 192.168.2.4 | 49739 | 93.158.134.119 | 443 | 4324 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:27 UTC | 337 | OUT | GET /watch/44161209?page-url=%2Fsys%2FUpdater%2FTimeToUpdate&ut=noindex HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mc.yandex.ru
                                                            Connection: Keep-Alive
                                                            2024-09-27 06:30:27 UTC | 1235 | IN | HTTP/1.1 302 Moved temporarily
                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            Connection: Close
                                                            Date: Fri, 27 Sep 2024 06:30:27 GMT
                                                            Expires: Fri, 27-Sep-2024 06:30:27 GMT
                                                            Last-Modified: Fri, 27-Sep-2024 06:30:27 GMT
                                                            Location: /watch/44161209/1?page-url=%2Fsys%2FUpdater%2FTimeToUpdate&ut=noindex&redirnss=1
                                                            Pragma: no-cache
                                                            Set-Cookie: yabs-sid=834489591727418627; Path=/
                                                            Set-Cookie: i=5WR7ieDRgvmtg6sGWbxFzyNRk1yD8wGmOVyh90lv7Z4CD1m8S3IzBq8HbFrgTrg2g5Hy+V/SiUGohZPA59SEadkMhYQ=; Expires=Mon, 25-Sep-2034 06:29:51 GMT; Domain=.yandex.ru; Path=/; HttpOnly
                                                            Set-Cookie: yandexuid=2733293781727418627; Expires=Mon, 25-Sep-2034 06:29:51 GMT; Domain=.yandex.ru; Path=/
                                                            Set-Cookie: ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627; Expires=Sat, 27-Sep-2025 06:30:27 GMT; Domain=.yandex.ru; Path=/
                                                            Strict-Transport-Security: max-age=31536000
                                                            Transfer-Encoding: chunked
                                                            X-XSS-Protection: 1; mode=block
                                                            2024-09-27 06:30:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            3 | 192.168.2.4 | 49744 | 93.158.134.119 | 443 | 792 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:27 UTC | 329 | OUT | GET /watch/44161209?page-url=%2Fusr%2FUpdater%2FPing&ut=noindex HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mc.yandex.ru
                                                            Connection: Keep-Alive
                                                            2024-09-27 06:30:27 UTC | 1228 | IN | HTTP/1.1 302 Moved temporarily
                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            Connection: Close
                                                            Date: Fri, 27 Sep 2024 06:30:27 GMT
                                                            Expires: Fri, 27-Sep-2024 06:30:27 GMT
                                                            Last-Modified: Fri, 27-Sep-2024 06:30:27 GMT
                                                            Location: /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FPing&ut=noindex&redirnss=1
                                                            Pragma: no-cache
                                                            Set-Cookie: yabs-sid=2276765981727418627; Path=/
                                                            Set-Cookie: i=U4ukxXBwiLTuoJfI/Ft9HsbBqnTr8cF2TTd+ViPIZOySZPiEKX/S+Eu8ZUtCNUkb7wnnQZFQX0AujeitHvnqJFHVPA8=; Expires=Mon, 25-Sep-2034 06:30:26 GMT; Domain=.yandex.ru; Path=/; HttpOnly
                                                            Set-Cookie: yandexuid=6096172251727418627; Expires=Mon, 25-Sep-2034 06:30:26 GMT; Domain=.yandex.ru; Path=/
                                                            Set-Cookie: ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627; Expires=Sat, 27-Sep-2025 06:30:27 GMT; Domain=.yandex.ru; Path=/
                                                            Strict-Transport-Security: max-age=31536000
                                                            Transfer-Encoding: chunked
                                                            X-XSS-Protection: 1; mode=block
                                                            2024-09-27 06:30:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            4 | 192.168.2.4 | 49747 | 93.158.134.119 | 443 | 5232 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:27 UTC | 347 | OUT | GET /watch/44161209?page-url=%2Fusr%2FUpdater%2FAddProduct%2Flightshot&ut=noindex HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mc.yandex.ru
                                                            Connection: Keep-Alive
                                                            2024-09-27 06:30:28 UTC | 1246 | IN | HTTP/1.1 302 Moved temporarily
                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            Connection: Close
                                                            Date: Fri, 27 Sep 2024 06:30:27 GMT
                                                            Expires: Fri, 27-Sep-2024 06:30:27 GMT
                                                            Last-Modified: Fri, 27-Sep-2024 06:30:27 GMT
                                                            Location: /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FAddProduct%2Flightshot&ut=noindex&redirnss=1
                                                            Pragma: no-cache
                                                            Set-Cookie: yabs-sid=1574500721727418627; Path=/
                                                            Set-Cookie: i=4IMBjOyhOXs04BWrOMy15PEo9eZrsWGKlLPpmZ15XKBnpOUrO1XdEqICaOIhJL+rYF1HSagKWKtOmoy63cdNztX+Sr8=; Expires=Mon, 25-Sep-2034 06:30:25 GMT; Domain=.yandex.ru; Path=/; HttpOnly
                                                            Set-Cookie: yandexuid=7454964041727418627; Expires=Mon, 25-Sep-2034 06:30:25 GMT; Domain=.yandex.ru; Path=/
                                                            Set-Cookie: ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627; Expires=Sat, 27-Sep-2025 06:30:27 GMT; Domain=.yandex.ru; Path=/
                                                            Strict-Transport-Security: max-age=31536000
                                                            Transfer-Encoding: chunked
                                                            X-XSS-Protection: 1; mode=block
                                                            2024-09-27 06:30:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            5 | 192.168.2.4 | 49749 | 93.158.134.119 | 443 | 980 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:28 UTC | 337 | OUT | GET /watch/44161209?page-url=%2Fusr%2FUpdater%2FTimeToUpdate&ut=noindex HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mc.yandex.ru
                                                            Connection: Keep-Alive
                                                            2024-09-27 06:30:28 UTC | 1398 | IN | HTTP/1.1 302 Moved temporarily
                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            Connection: Close
                                                            Date: Fri, 27 Sep 2024 06:30:28 GMT
                                                            Expires: Fri, 27-Sep-2024 06:30:28 GMT
                                                            Last-Modified: Fri, 27-Sep-2024 06:30:28 GMT
                                                            Location: /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FTimeToUpdate&ut=noindex&redirnss=1
                                                            Pragma: no-cache
                                                            Set-Cookie: yabs-sid=2442611291727418628; Path=/
                                                            Set-Cookie: i=MGnnKl86RPDr8ZkUnGfRyJbCm+51V/l5IlsZvoHhIHru8F5Xhtn3RmNGgPFh751pbsRVJnKOSGIB9tBawnRA52diEIU=; Expires=Mon, 25-Sep-2034 06:30:16 GMT; Domain=.yandex.ru; Path=/; HttpOnly
                                                            Set-Cookie: yandexuid=2967564481727418628; Expires=Mon, 25-Sep-2034 06:30:16 GMT; Domain=.yandex.ru; Path=/
                                                            Set-Cookie: ymex=1758954628.yrts.1727418628#1758954628.yrtsi.1727418628; Expires=Sat, 27-Sep-2025 06:30:28 GMT; Domain=.yandex.ru; Path=/
                                                            Set-Cookie: _yasc=c9TJMy9H31OgANP4T34MyV8ThXBxohSh+jOnoDYr3UI9/ldMjXtS3UNyAWqx7nRzviI=; domain=.yandex.ru; path=/; expires=Mon, 25 Sep 2034 06:30:28 GMT; secure
                                                            Strict-Transport-Security: max-age=31536000
                                                            Transfer-Encoding: chunked
                                                            X-XSS-Protection: 1; mode=block
                                                            2024-09-27 06:30:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            6 | 192.168.2.4 | 49750 | 93.158.134.119 | 443 | 4432 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:28 UTC | 583 | OUT | GET /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FAddProduct%2Fupdater&ut=noindex&redirnss=1 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mc.yandex.ru
                                                            Connection: Keep-Alive
                                                            Cookie: yabs-sid=318014041727418627; ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627; yandexuid=9373816541727418627; i=U4ukxXBwiLTuoJfI/Ft9HsbBqnTr8cF2TTd+ViPIZOySZPiEKX/S+Eu8ZUtCNUkb7wnnQZFQX0AujeitHvnqJFHVPA8=
                                                            2024-09-27 06:30:29 UTC | 664 | IN | HTTP/1.1 200 Ok
                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            Connection: Close
                                                            Content-Length: 43
                                                            Content-Type: image/gif
                                                            Date: Fri, 27 Sep 2024 06:30:28 GMT
                                                            Expires: Fri, 27-Sep-2024 06:30:28 GMT
                                                            Last-Modified: Fri, 27-Sep-2024 06:30:28 GMT
                                                            Pragma: no-cache
                                                            Strict-Transport-Security: max-age=31536000
                                                            X-XSS-Protection: 1; mode=block
                                                            2024-09-27 06:30:29 UTC | 43 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                            Data Ascii: GIF89a!,D;


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            7 | 192.168.2.4 | 49751 | 93.158.134.119 | 443 | 792 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:28 UTC | 568 | OUT | GET /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FPing&ut=noindex&redirnss=1 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mc.yandex.ru
                                                            Connection: Keep-Alive
                                                            Cookie: yabs-sid=2276765981727418627; ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627; yandexuid=9373816541727418627; i=U4ukxXBwiLTuoJfI/Ft9HsbBqnTr8cF2TTd+ViPIZOySZPiEKX/S+Eu8ZUtCNUkb7wnnQZFQX0AujeitHvnqJFHVPA8=
                                                            2024-09-27 06:30:29 UTC | 664 | IN | HTTP/1.1 200 Ok
                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            Connection: Close
                                                            Content-Length: 43
                                                            Content-Type: image/gif
                                                            Date: Fri, 27 Sep 2024 06:30:28 GMT
                                                            Expires: Fri, 27-Sep-2024 06:30:28 GMT
                                                            Last-Modified: Fri, 27-Sep-2024 06:30:28 GMT
                                                            Pragma: no-cache
                                                            Strict-Transport-Security: max-age=31536000
                                                            X-XSS-Protection: 1; mode=block
                                                            2024-09-27 06:30:29 UTC | 43 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                            Data Ascii: GIF89a!,D;


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            8 | 192.168.2.4 | 49752 | 93.158.134.119 | 443 | 4324 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:28 UTC | 575 | OUT | GET /watch/44161209/1?page-url=%2Fsys%2FUpdater%2FTimeToUpdate&ut=noindex&redirnss=1 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mc.yandex.ru
                                                            Connection: Keep-Alive
                                                            Cookie: yabs-sid=834489591727418627; i=5WR7ieDRgvmtg6sGWbxFzyNRk1yD8wGmOVyh90lv7Z4CD1m8S3IzBq8HbFrgTrg2g5Hy+V/SiUGohZPA59SEadkMhYQ=; yandexuid=2733293781727418627; ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627
                                                            2024-09-27 06:30:29 UTC | 664 | IN | HTTP/1.1 200 Ok
                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            Connection: Close
                                                            Content-Length: 43
                                                            Content-Type: image/gif
                                                            Date: Fri, 27 Sep 2024 06:30:29 GMT
                                                            Expires: Fri, 27-Sep-2024 06:30:29 GMT
                                                            Last-Modified: Fri, 27-Sep-2024 06:30:29 GMT
                                                            Pragma: no-cache
                                                            Strict-Transport-Security: max-age=31536000
                                                            X-XSS-Protection: 1; mode=block
                                                            2024-09-27 06:30:29 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                            Data Ascii: GIF89a!,D;


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            9 | 192.168.2.4 | 49753 | 93.158.134.119 | 443 | 5232 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:28 UTC | 586 | OUT | GET /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FAddProduct%2Flightshot&ut=noindex&redirnss=1 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mc.yandex.ru
                                                            Connection: Keep-Alive
                                                            Cookie: ymex=1758954627.yrts.1727418627#1758954627.yrtsi.1727418627; yandexuid=7454964041727418627; i=4IMBjOyhOXs04BWrOMy15PEo9eZrsWGKlLPpmZ15XKBnpOUrO1XdEqICaOIhJL+rYF1HSagKWKtOmoy63cdNztX+Sr8=; yabs-sid=1574500721727418627
                                                            2024-09-27 06:30:29 UTC | 664 | IN | HTTP/1.1 200 Ok
                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            Connection: Close
                                                            Content-Length: 43
                                                            Content-Type: image/gif
                                                            Date: Fri, 27 Sep 2024 06:30:29 GMT
                                                            Expires: Fri, 27-Sep-2024 06:30:29 GMT
                                                            Last-Modified: Fri, 27-Sep-2024 06:30:29 GMT
                                                            Pragma: no-cache
                                                            Strict-Transport-Security: max-age=31536000
                                                            X-XSS-Protection: 1; mode=block
                                                            2024-09-27 06:30:29 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                            Data Ascii: GIF89a!,D;


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            10 | 192.168.2.4 | 49754 | 93.158.134.119 | 443 | 980 | C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:29 UTC | 652 | OUT | GET /watch/44161209/1?page-url=%2Fusr%2FUpdater%2FTimeToUpdate&ut=noindex&redirnss=1 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mc.yandex.ru
                                                            Connection: Keep-Alive
                                                            Cookie: ymex=1758954628.yrts.1727418628#1758954628.yrtsi.1727418628; yandexuid=2967564481727418628; i=MGnnKl86RPDr8ZkUnGfRyJbCm+51V/l5IlsZvoHhIHru8F5Xhtn3RmNGgPFh751pbsRVJnKOSGIB9tBawnRA52diEIU=; _yasc=c9TJMy9H31OgANP4T34MyV8ThXBxohSh+jOnoDYr3UI9/ldMjXtS3UNyAWqx7nRzviI=; yabs-sid=2442611291727418628
                                                            2024-09-27 06:30:29 UTC | 664 | IN | HTTP/1.1 200 Ok
                                                            Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                                                            Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            Connection: Close
                                                            Content-Length: 43
                                                            Content-Type: image/gif
                                                            Date: Fri, 27 Sep 2024 06:30:29 GMT
                                                            Expires: Fri, 27-Sep-2024 06:30:29 GMT
                                                            Last-Modified: Fri, 27-Sep-2024 06:30:29 GMT
                                                            Pragma: no-cache
                                                            Strict-Transport-Security: max-age=31536000
                                                            X-XSS-Protection: 1; mode=block
                                                            2024-09-27 06:30:29 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                            Data Ascii: GIF89a!,D;


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            11 | 192.168.2.4 | 56534 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:36 UTC | 679 | OUT | GET /thankyou_desktop.html HTTP/1.1
                                                            Host: app.prntscr.com
                                                            Connection: keep-alive
                                                            Upgrade-Insecure-Requests: 1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: navigate
                                                            Sec-Fetch-User: ?1
                                                            Sec-Fetch-Dest: document
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:37 UTC | 279 | IN | HTTP/1.1 302 Moved Temporarily
                                                            Date: Fri, 27 Sep 2024 06:30:36 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Location: https://app.prntscr.com/en/thankyou_desktop.html
                                                            CF-Cache-Status: DYNAMIC
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972310c70c33c-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            12 | 192.168.2.4 | 56535 | 184.28.90.27 | 443 | |
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:37 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Accept: */*
                                                            Accept-Encoding: identity
                                                            User-Agent: Microsoft BITS/7.8
                                                            Host: fs.microsoft.com
                                                            2024-09-27 06:30:38 UTC | 466 | IN | HTTP/1.1 200 OK
                                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                            Content-Type: application/octet-stream
                                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                            Server: ECAcc (lpl/EF67)
                                                            X-CID: 11
                                                            X-Ms-ApiVersion: Distribute 1.2
                                                            X-Ms-Region: prod-weu-z1
                                                            Cache-Control: public, max-age=36937
                                                            Date: Fri, 27 Sep 2024 06:30:37 GMT
                                                            Connection: close
                                                            X-CID: 2


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            13 | 192.168.2.4 | 56536 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:37 UTC | 682 | OUT | GET /en/thankyou_desktop.html HTTP/1.1
                                                            Host: app.prntscr.com
                                                            Connection: keep-alive
                                                            Upgrade-Insecure-Requests: 1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: navigate
                                                            Sec-Fetch-User: ?1
                                                            Sec-Fetch-Dest: document
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:38 UTC | 250 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:37 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:41 GMT
                                                            CF-Cache-Status: DYNAMIC
                                                            Server: cloudflare
                                                            CF-RAY: 8c997236180443bd-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            14 | 192.168.2.4 | 56538 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:38 UTC | 554 | OUT | GET /2023/07/24/0635/css/main.css HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: text/css,*/*;q=0.1
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: style
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:38 UTC | 350 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:38 GMT
                                                            Content-Type: text/css
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            ETag: W/"64be1bfb-23a0"
                                                            Expires: Fri, 27 Sep 2024 06:35:55 GMT
                                                            Cache-Control: max-age=1800
                                                            CF-Cache-Status: HIT
                                                            Age: 1483
                                                            Server: cloudflare
                                                            CF-RAY: 8c99723b99817cfa-EWR
                                                            Data Ascii: #375a2d}.ie-old .button-green .button__wrap.gradient,.ie-old .button_green .button__wrap.gradient,.ie-old .button_green_download .button__wrap.gradient,.ie-old .button_green_mac .button__wrap.gradient,.ie-old .button_green_win .button__wrap.gradient{*zoom
                                                            2024-09-27 06:30:38 UTC1369INData Raw: 2e 62 75 74 74 6f 6e 5f 5f 77 72 61 70 3a 61 66 74 65 72 2c 2e 62 75 74 74 6f 6e 5f 67 72 65 65 6e 20 2e 62 75 74 74 6f 6e 5f 5f 77 72 61 70 3a 61 66 74 65 72 2c 2e 62 75 74 74 6f 6e 5f 67 72 65 65 6e 5f 64 6f 77 6e 6c 6f 61 64 20 2e 62 75 74 74 6f 6e 5f 5f 77 72 61 70 3a 61 66 74 65 72 2c 2e 62 75 74 74 6f 6e 5f 67 72 65 65 6e 5f 6d 61 63 20 2e 62 75 74 74 6f 6e 5f 5f 77 72 61 70 3a 61 66 74 65 72 2c 2e 62 75 74 74 6f 6e 5f 67 72 65 65 6e 5f 77 69 6e 20 2e 62 75 74 74 6f 6e 5f 5f 77 72 61 70 3a 61 66 74 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 27 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 44 39 34 62 57 77 67 64 6d 56 79 63 32 6c 76 62 6a 30 69 4d 53 34 77 49 69 42 6c 62 6d 4e 76 5a 47 6c 75 5a 7a 30 69
                                                            Data Ascii: .button__wrap:after,.button_green .button__wrap:after,.button_green_download .button__wrap:after,.button_green_mac .button__wrap:after,.button_green_win .button__wrap:after{background:url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0i
                                                            2024-09-27 06:30:38 UTC1369INData Raw: 6e 5f 5f 77 72 61 70 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 27 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 44 39 34 62 57 77 67 64 6d 56 79 63 32 6c 76 62 6a 30 69 4d 53 34 77 49 69 42 6c 62 6d 4e 76 5a 47 6c 75 5a 7a 30 69 64 58 52 6d 4c 54 67 69 50 7a 34 67 50 48 4e 32 5a 79 42 32 5a 58 4a 7a 61 57 39 75 50 53 49 78 4c 6a 45 69 49 48 68 74 62 47 35 7a 50 53 4a 6f 64 48 52 77 4f 69 38 76 64 33 64 33 4c 6e 63 7a 4c 6d 39 79 5a 79 38 79 4d 44 41 77 4c 33 4e 32 5a 79 49 2b 50 47 52 6c 5a 6e 4d 2b 50 47 78 70 62 6d 56 68 63 6b 64 79 59 57 52 70 5a 57 35 30 49 47 6c 6b 50 53 4a 6e 63 6d 46 6b 49 69 42 6e 63 6d 46 6b 61 57 56 75 64 46 56 75 61 58 52 7a 50 53 4a 76 59 6d 70 6c 59 33 52 43 62 33 56 75 5a 47 6c 75 5a
                                                            Data Ascii: n__wrap{background:url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzPSJvYmplY3RCb3VuZGluZ
                                                            2024-09-27 06:30:38 UTC1369INData Raw: 6c 65 5f 77 69 6e 3a 61 63 74 69 76 65 20 2e 62 75 74 74 6f 6e 5f 5f 77 72 61 70 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 27 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 44 39 34 62 57 77 67 64 6d 56 79 63 32 6c 76 62 6a 30 69 4d 53 34 77 49 69 42 6c 62 6d 4e 76 5a 47 6c 75 5a 7a 30 69 64 58 52 6d 4c 54 67 69 50 7a 34 67 50 48 4e 32 5a 79 42 32 5a 58 4a 7a 61 57 39 75 50 53 49 78 4c 6a 45 69 49 48 68 74 62 47 35 7a 50 53 4a 6f 64 48 52 77 4f 69 38 76 64 33 64 33 4c 6e 63 7a 4c 6d 39 79 5a 79 38 79 4d 44 41 77 4c 33 4e 32 5a 79 49 2b 50 47 52 6c 5a 6e 4d 2b 50 47 78 70 62 6d 56 68 63 6b 64 79 59 57 52 70 5a 57 35 30 49 47 6c 6b 50 53 4a 6e 63 6d 46 6b 49 69 42 6e 63 6d 46 6b 61 57 56 75 64 46 56 75 61 58 52 7a 50
                                                            Data Ascii: le_win:active .button__wrap{background:url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzP
                                                            2024-09-27 06:30:38 UTC1369INData Raw: 31 76 63 47 46 6a 61 58 52 35 50 53 49 77 4c 6a 41 69 4c 7a 34 38 63 33 52 76 63 43 42 76 5a 6d 5a 7a 5a 58 51 39 49 6a 45 77 4d 43 55 69 49 48 4e 30 62 33 41 74 59 32 39 73 62 33 49 39 49 69 4d 79 4e 44 4e 6b 4e 6d 51 69 4c 7a 34 38 4c 32 78 70 62 6d 56 68 63 6b 64 79 59 57 52 70 5a 57 35 30 50 6a 77 76 5a 47 56 6d 63 7a 34 38 63 6d 56 6a 64 43 42 34 50 53 49 77 49 69 42 35 50 53 49 77 49 69 42 33 61 57 52 30 61 44 30 69 4d 54 41 77 4a 53 49 67 61 47 56 70 5a 32 68 30 50 53 49 78 4d 44 41 6c 49 69 42 6d 61 57 78 73 50 53 4a 31 63 6d 77 6f 49 32 64 79 59 57 51 70 49 69 41 76 50 6a 77 76 63 33 5a 6e 50 69 41 3d 27 29 2c 75 72 6c 28 2e 2e 2f 69 6d 67 2f 62 75 74 74 6f 6e 2d 69 63 6f 6e 2d 73 65 70 2e 70 6e 67 29 20 72 65 70 65 61 74 2d 79 3b 62 61 63 6b 67
                                                            Data Ascii: 1vcGFjaXR5PSIwLjAiLz48c3RvcCBvZmZzZXQ9IjEwMCUiIHN0b3AtY29sb3I9IiMyNDNkNmQiLz48L2xpbmVhckdyYWRpZW50PjwvZGVmcz48cmVjdCB4PSIwIiB5PSIwIiB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiBmaWxsPSJ1cmwoI2dyYWQpIiAvPjwvc3ZnPiA='),url(../img/button-icon-sep.png) repeat-y;backg


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            15 | 192.168.2.4 | 56539 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:38 UTC | 550 | OUT | GET /2023/07/24/0635/js/jquery.1.8.2.min.js HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: */*
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: script
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:38 UTC | 363 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:38 GMT
                                                            Content-Type: application/javascript
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            ETag: W/"64be1bfb-827c"
                                                            Expires: Fri, 27 Sep 2024 06:47:27 GMT
                                                            Cache-Control: max-age=1800
                                                            CF-Cache-Status: HIT
                                                            Age: 791
                                                            Server: cloudflare
                                                            CF-RAY: 8c99723b9a4f4397-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            16 | 192.168.2.4 | 56537 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:38 UTC | 544 | OUT | GET /2023/07/24/0635/js/script.mix.js HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: */*
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: script
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:38 UTC | 364 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:38 GMT
                                                            Content-Type: application/javascript
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            ETag: W/"64be1bfb-5e8f"
                                                            Expires: Fri, 27 Sep 2024 06:38:50 GMT
                                                            Cache-Control: max-age=1800
                                                            CF-Cache-Status: HIT
                                                            Age: 1308
                                                            Server: cloudflare
                                                            CF-RAY: 8c99723b9d057277-EWR
                                                            Data Ascii: #VML)");k.prototype.lines=function(c,d){function f(){return e(a("group",{coordsize:m+" "+m,coordorigin:-k+" "+-k}),{width:m,height:m})}function g(c,C,m){b(l,b(e(f(),{rotation:360/d.lines*c+"deg",left:~~C}),b(e(a("roundrect",{arcsize:d.corners}),{width:k,
                                                            2024-09-27 06:30:38 UTC1369INData Raw: 2b 64 2e 6c 65 6e 67 74 68 2b 64 2e 77 69 64 74 68 2c 6d 2c 68 3b 61 26 26 28 61 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 67 2c 61 2e 66 69 72 73 74 43 68 69 6c 64 7c 7c 6e 75 6c 6c 29 2c 68 3d 66 28 61 29 2c 6d 3d 66 28 67 29 2c 65 28 67 2c 7b 6c 65 66 74 3a 28 22 61 75 74 6f 22 3d 3d 64 2e 6c 65 66 74 3f 68 2e 78 2d 6d 2e 78 2b 28 61 2e 6f 66 66 73 65 74 57 69 64 74 68 3e 3e 31 29 3a 70 61 72 73 65 49 6e 74 28 64 2e 6c 65 66 74 2c 31 30 29 2b 6b 29 2b 22 70 78 22 2c 74 6f 70 3a 28 22 61 75 74 6f 22 3d 3d 64 2e 74 6f 70 3f 68 2e 79 2d 6d 2e 79 2b 28 61 2e 6f 66 66 73 65 74 48 65 69 67 68 74 3e 3e 31 29 3a 70 61 72 73 65 49 6e 74 28 64 2e 74 6f 70 2c 31 30 29 2b 6b 29 2b 22 70 78 22 7d 29 29 3b 67 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 72 6f 6c 65
                                                            Data Ascii: +d.length+d.width,m,h;a&&(a.insertBefore(g,a.firstChild||null),h=f(a),m=f(g),e(g,{left:("auto"==d.left?h.x-m.x+(a.offsetWidth>>1):parseInt(d.left,10)+k)+"px",top:("auto"==d.top?h.y-m.y+(a.offsetHeight>>1):parseInt(d.top,10)+k)+"px"}));g.setAttribute("role
                                                            2024-09-27 06:30:38 UTC1369INData Raw: 31 29 22 29 29 29 3b 72 65 74 75 72 6e 20 64 7d 2c 6f 70 61 63 69 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 62 3c 61 2e 63 68 69 6c 64 4e 6f 64 65 73 2e 6c 65 6e 67 74 68 26 26 28 61 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 62 5d 2e 73 74 79 6c 65 2e 6f 70 61 63 69 74 79 3d 63 29 7d 7d 29 3b 76 61 72 20 77 3d 65 28 63 28 22 67 72 6f 75 70 22 29 2c 7b 62 65 68 61 76 69 6f 72 3a 22 75 72 6c 28 23 64 65 66 61 75 6c 74 23 56 4d 4c 29 22 7d 29 3b 21 64 28 77 2c 22 74 72 61 6e 73 66 6f 72 6d 22 29 26 26 77 2e 61 64 6a 3f 6d 28 29 3a 6e 3d 64 28 77 2c 22 61 6e 69 6d 61 74 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 6b 7d 29 3b 28 66 75 6e 63 74 69 6f 6e 28 63 2c 62 29 7b 63 2e 65 78 74 65 6e 64 28 7b 6a 73 6f 6e 52 50 43 3a 7b 76 65 72 73 69 6f 6e 3a 22 32
                                                            Data Ascii: 1)")));return d},opacity:function(a,b,c){b<a.childNodes.length&&(a.childNodes[b].style.opacity=c)}});var w=e(c("group"),{behavior:"url(#default#VML)"});!d(w,"transform")&&w.adj?m():n=d(w,"animation");return k});(function(c,b){c.extend({jsonRPC:{version:"2


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            17 | 192.168.2.4 | 56540 | 184.28.90.27 | 443 | |
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:38 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Accept: */*
                                                            Accept-Encoding: identity
                                                            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                            Range: bytes=0-2147483646
                                                            User-Agent: Microsoft BITS/7.8
                                                            Host: fs.microsoft.com
                                                            2024-09-27 06:30:39 UTC | 514 | IN | HTTP/1.1 200 OK
                                                            ApiVersion: Distribute 1.1
                                                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                            Content-Type: application/octet-stream
                                                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                            Server: ECAcc (lpl/EF06)
                                                            X-CID: 11
                                                            X-Ms-ApiVersion: Distribute 1.2
                                                            X-Ms-Region: prod-weu-z1
                                                            Cache-Control: public, max-age=36881
                                                            Date: Fri, 27 Sep 2024 06:30:39 GMT
                                                            Content-Length: 55
                                                            Connection: close
                                                            X-CID: 2
                                                            2024-09-27 06:30:39 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            18 | 192.168.2.4 | 56542 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:39 UTC | 638 | OUT | GET /2023/07/24/0635/img/button-download.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:39 UTC | 505 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:39 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 314
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=1404
                                                            Content-Disposition: inline; filename="button-download.webp"
                                                            ETag: "64be1bd1-57c"
                                                            Expires: Fri, 27 Sep 2024 06:35:23 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 1516
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972400b7e1891-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            19 | 192.168.2.4 | 56543 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:39 UTC | 643 | OUT | GET /2023/07/24/0635/img/icon-facebook_gscale.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:39 UTC | 510 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:39 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 296
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=1325
                                                            Content-Disposition: inline; filename="icon-facebook_gscale.webp"
                                                            ETag: "64be1bd1-52d"
                                                            Expires: Fri, 27 Sep 2024 06:36:40 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 1439
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972401a6143b0-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            20 | 192.168.2.4 | 56544 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:39 UTC | 370 | OUT | GET /2023/07/24/0635/js/script.mix.js HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:39 UTC | 364 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:39 GMT
                                                            Content-Type: application/javascript
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            ETag: W/"64be1bfb-5e8f"
                                                            Expires: Fri, 27 Sep 2024 06:38:50 GMT
                                                            Cache-Control: max-age=1800
                                                            CF-Cache-Status: HIT
                                                            Age: 1309
                                                            Server: cloudflare
                                                            CF-RAY: 8c997240eb8d8c17-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            21 | 192.168.2.4 | 56547 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:39 UTC | 636 | OUT | GET /2023/07/24/0635/img/helper-button.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:39 UTC  504                IN         HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:39 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 2070
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=3259
                                                            Content-Disposition: inline; filename="helper-button.webp"
                                                            ETag: "64be1bd1-cbb"
                                                            Expires: Fri, 27 Sep 2024 06:42:08 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 1111
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972415a0b43bb-EWR


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            22          192.168.2.4  56549        104.16.79.73    443               1860  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp                Bytes transferred  Direction  Data
                                                            2024-09-27 06:30:39 UTC  618                OUT        GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
                                                            Host: static.cloudflareinsights.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            Origin: https://app.prntscr.com
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: */*
                                                            Sec-Fetch-Site: cross-site
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: script
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:39 UTC  373                IN         HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:39 GMT
                                                            Content-Type: text/javascript;charset=UTF-8
                                                            Content-Length: 19948
                                                            Connection: close
                                                            Access-Control-Allow-Origin: *
                                                            Cache-Control: public, max-age=86400
                                                            ETag: W/"2024.6.1"
                                                            Last-Modified: Thu, 06 Jun 2024 15:52:56 GMT
                                                            Cross-Origin-Resource-Policy: cross-origin
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724168670fa1-EWR


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            23          192.168.2.4  56548        104.23.140.12   443               1860  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp                Bytes transferred  Direction  Data
                                                            2024-09-27 06:30:39 UTC  638                OUT        GET /2023/07/24/0635/img/button-icon-sep.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:39 UTC  502                IN         HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:39 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 40
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=928
                                                            Content-Disposition: inline; filename="button-icon-sep.webp"
                                                            ETag: "64be1bd1-3a0"
                                                            Expires: Fri, 27 Sep 2024 06:52:29 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 490
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972416eb82395-EWR


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            24          192.168.2.4  56545        104.23.140.12   443               1860  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp                Bytes transferred  Direction  Data
                                                            2024-09-27 06:30:39 UTC  633                OUT        GET /2023/07/24/0635/img/shadow-top.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:39 UTC  435                IN         HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:39 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 638
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=1677, status=webp_bigger
                                                            ETag: "64be1bd1-68d"
                                                            Expires: Fri, 27 Sep 2024 06:36:54 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            CF-Cache-Status: HIT
                                                            Age: 1425
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724168f38cb1-EWR


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            25          192.168.2.4  56546        104.23.140.12   443               1860  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp                Bytes transferred  Direction  Data
                                                            2024-09-27 06:30:39 UTC  636                OUT        GET /2023/07/24/0635/img/helper-select.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:39 UTC  503                IN         HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:39 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 548
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=2068
                                                            Content-Disposition: inline; filename="helper-select.webp"
                                                            ETag: "64be1bd1-814"
                                                            Expires: Fri, 27 Sep 2024 06:42:08 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 1111
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972416f0f15bb-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            26 | 192.168.2.4 | 56553 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:39 UTC | 376 | OUT | GET /2023/07/24/0635/js/jquery.1.8.2.min.js HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:39 UTC | 363 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:39 GMT
                                                            Content-Type: application/javascript
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            ETag: W/"64be1bfb-827c"
                                                            Expires: Fri, 27 Sep 2024 06:47:27 GMT
                                                            Cache-Control: max-age=1800
                                                            CF-Cache-Status: HIT
                                                            Age: 792
                                                            Server: cloudflare
                                                            CF-RAY: 8c997242ad0641c3-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            27 | 192.168.2.4 | 56555 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:39 UTC | 642 | OUT | GET /2023/07/24/0635/img/icon-twitter_gscale.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 508 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 374
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=1535
                                                            Content-Disposition: inline; filename="icon-twitter_gscale.webp"
                                                            ETag: "64be1bd1-5ff"
                                                            Expires: Fri, 27 Sep 2024 06:44:07 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 993
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972446e150f49-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            28 | 192.168.2.4 | 56554 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 635 | OUT | GET /2023/07/24/0635/img/helper-share.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 503 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 1630
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=3011
                                                            Content-Disposition: inline; filename="helper-share.webp"
                                                            ETag: "64be1bd1-bc3"
                                                            Expires: Fri, 27 Sep 2024 06:41:51 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 1129
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724498e50f97-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            29 | 192.168.2.4 | 56557 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 377 | OUT | GET /2023/07/24/0635/img/button-download.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 428 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 370
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=1404
                                                            ETag: "64be1bd1-57c"
                                                            Expires: Fri, 27 Sep 2024 06:46:54 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 826
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724499f84249-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            30 | 192.168.2.4 | 56556 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 382 | OUT | GET /2023/07/24/0635/img/icon-facebook_gscale.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 428 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 330
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=1325
                                                            ETag: "64be1bd1-52d"
                                                            Expires: Fri, 27 Sep 2024 06:58:52 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 108
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972449fdb8c8f-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            31 | 192.168.2.4 | 56558 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 607 | OUT | GET /2023/07/24/0635/img/img-pic-480.jpg HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 420 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/jpeg
                                                            Content-Length: 29907
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=31830
                                                            ETag: "64be1bfb-7982"
                                                            Expires: Fri, 27 Sep 2024 06:31:10 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            CF-Cache-Status: HIT
                                                            Age: 1770
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724629c842f4-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            32 | 192.168.2.4 | 56561 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 607 | OUT | GET /2023/07/24/0635/img/footer-logo.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 500 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 588
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=1848
                                                            Content-Disposition: inline; filename="footer-logo.webp"
                                                            ETag: "616b5c94-738"
                                                            Expires: Fri, 27 Sep 2024 06:48:45 GMT
                                                            Last-Modified: Sat, 16 Oct 2021 23:13:24 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 715
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972462a1d42d1-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            33 | 192.168.2.4 | 56560 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 568 | OUT | GET /2023/07/24/0635/css/jquery.smartbanner.css HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: text/css,*/*;q=0.1
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: style
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 361 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: text/css
                                                            Content-Length: 3824
                                                            Connection: close
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:26 GMT
                                                            ETag: "64be1bea-ef0"
                                                            Expires: Fri, 27 Sep 2024 06:59:17 GMT
                                                            Cache-Control: max-age=1800
                                                            CF-Cache-Status: HIT
                                                            Age: 83
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972463b834271-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            34 | 192.168.2.4 | 56563 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 372 | OUT | GET /2023/07/24/0635/img/shadow-top.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 435 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 638
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=1677, status=webp_bigger
                                                            ETag: "64be1bd1-68d"
                                                            Expires: Fri, 27 Sep 2024 06:36:54 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            CF-Cache-Status: HIT
                                                            Age: 1426
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972463e844288-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            35 | 192.168.2.4 | 56564 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 375 | OUT | GET /2023/07/24/0635/img/helper-select.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 428 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 785
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=2068
                                                            ETag: "64be1bd1-814"
                                                            Expires: Fri, 27 Sep 2024 06:49:28 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 672
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724658e872aa-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            36 | 192.168.2.4 | 56559 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 552 | OUT | GET /2023/07/24/0635/js/jquery.smartbanner.js HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: */*
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: script
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 362 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: application/javascript
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            ETag: W/"64be1bfb-aec"
                                                            Expires: Fri, 27 Sep 2024 06:57:31 GMT
                                                            Cache-Control: max-age=1800
                                                            CF-Cache-Status: HIT
                                                            Age: 189
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972467c950fa4-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            37 | 192.168.2.4 | 56562 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 377 | OUT | GET /2023/07/24/0635/img/button-icon-sep.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 426 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 73
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=928
                                                            ETag: "64be1bd1-3a0"
                                                            Expires: Fri, 27 Sep 2024 06:58:52 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 108
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972465c7243b9-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            38 | 192.168.2.4 | 56565 | 104.16.80.73 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 413 | OUT | GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
                                                            Host: static.cloudflareinsights.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 373 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: text/javascript;charset=UTF-8
                                                            Content-Length: 19948
                                                            Connection: close
                                                            Access-Control-Allow-Origin: *
                                                            Cache-Control: public, max-age=86400
                                                            ETag: W/"2024.6.1"
                                                            Last-Modified: Thu, 06 Jun 2024 15:52:56 GMT
                                                            Cross-Origin-Resource-Policy: cross-origin
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972467a554270-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            39 | 192.168.2.4 | 56567 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 375 | OUT | GET /2023/07/24/0635/img/helper-button.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 429 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 2290
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=3259
                                                            ETag: "64be1bd1-cbb"
                                                            Expires: Fri, 27 Sep 2024 06:49:28 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 672
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c997247db9419ff-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            40 | 192.168.2.4 | 56568 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 630 | OUT | GET /2023/07/24/0635/img/page-bg.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 499 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 5608
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=7116
                                                            Content-Disposition: inline; filename="page-bg.webp"
                                                            ETag: "64be1bfb-1a7b"
                                                            Expires: Fri, 27 Sep 2024 06:35:17 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 1523
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972483b6f43e3-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            41 | 192.168.2.4 | 56569 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 381 | OUT | GET /2023/07/24/0635/img/icon-twitter_gscale.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 428 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 419
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=1535
                                                            ETag: "64be1bd1-5ff"
                                                            Expires: Fri, 27 Sep 2024 06:49:27 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 673
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c997248785742e3-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            42 | 192.168.2.4 | 56570 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 634 | OUT | GET /2023/07/24/0635/img/header-logo.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://st.prntscr.com/2023/07/24/0635/css/main.css
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:40 UTC | 502 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 4148
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=7995
                                                            Content-Disposition: inline; filename="header-logo.webp"
                                                            ETag: "64be1bfb-1e52"
                                                            Expires: Fri, 27 Sep 2024 06:55:24 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 316
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c997248bdea8c95-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            43 | 192.168.2.4 | 56572 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 456 | OUT | GET /2023/07/24/0635/img/helper-share.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _ga=GA1.2.698250061.1727418640; _gid=GA1.2.2001955101.1727418640; _gat=1
                                                            2024-09-27 06:30:40 UTC | 429 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 1967
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=3011
                                                            ETag: "64be1bd1-bc3"
                                                            Expires: Fri, 27 Sep 2024 06:49:28 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:01 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 672
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c997248bff117a9-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            44 | 192.168.2.4 | 56576 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 509 | OUT | GET /2023/07/24/0635/img/footer-logo.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:41 UTC | 428 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:40 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 699
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=1848
                                                            ETag: "616b5c94-738"
                                                            Expires: Fri, 27 Sep 2024 06:53:10 GMT
                                                            Last-Modified: Sat, 16 Oct 2021 23:13:24 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 450
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c997249fb80438a-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            45 | 192.168.2.4 | 56578 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 514 | OUT | GET /2023/07/24/0635/js/jquery.smartbanner.js HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:41 UTC | 362 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:41 GMT
                                                            Content-Type: application/javascript
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            ETag: W/"64be1bfb-aec"
                                                            Expires: Fri, 27 Sep 2024 06:57:31 GMT
                                                            Cache-Control: max-age=1800
                                                            CF-Cache-Status: HIT
                                                            Age: 190
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724a59cf43a7-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            46 | 192.168.2.4 | 56579 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 502 | OUT | OPTIONS /v1/ HTTP/1.1
                                                            Host: api.prntscr.com
                                                            Connection: keep-alive
                                                            Accept: */*
                                                            Access-Control-Request-Method: POST
                                                            Access-Control-Request-Headers: content-type
                                                            Origin: https://app.prntscr.com
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Dest: empty
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:41 UTC | 496 | IN | HTTP/1.1 204 No Content
                                                            Date: Fri, 27 Sep 2024 06:30:41 GMT
                                                            Content-Type: text/plain charset=UTF-8
                                                            Content-Length: 0
                                                            Connection: close
                                                            Access-Control-Allow-Origin: https://app.prntscr.com
                                                            Access-Control-Allow-Credentials: true
                                                            Access-Control-Allow-Methods: POST, OPTIONS
                                                            Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
                                                            Access-Control-Max-Age: 86400
                                                            CF-Cache-Status: DYNAMIC
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724aac465e6d-EWR
                                                            alt-svc: h3=":443"; ma=86400


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            47 | 192.168.2.4 | 56580 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:40 UTC | 509 | OUT | GET /2023/07/24/0635/img/img-pic-480.jpg HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:41 UTC | 420 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:41 GMT
                                                            Content-Type: image/jpeg
                                                            Content-Length: 29907
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=31830
                                                            ETag: "64be1bfb-7982"
                                                            Expires: Fri, 27 Sep 2024 06:31:10 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            CF-Cache-Status: HIT
                                                            Age: 1771
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724a8a390f78-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            48 | 192.168.2.4 | 56581 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:41 UTC | 505 | OUT | GET /2023/07/24/0635/img/page-bg.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:41 UTC | 430 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:41 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 5822
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=7116
                                                            ETag: "64be1bfb-1a7b"
                                                            Expires: Fri, 27 Sep 2024 06:49:59 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 642
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724c384c42bf-EWR
                                                            Data Ascii: Jf1f#kzqJ\kq,>9>4OFQR8-L=Fd-V\:m%>9^/iiT[v16C=FwQMD_OkIIi+{d]%`Ke&oCh-dctZClBTla*M.


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            49          192.168.2.4  56582        104.23.140.12   443               1860  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp                Bytes transferred  Direction  Data
                                                            2024-09-27 06:30:41 UTC  771                OUT        POST /cdn-cgi/rum? HTTP/1.1
                                                            Host: app.prntscr.com
                                                            Connection: keep-alive
                                                            Content-Length: 1562
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-platform: "Windows"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            content-type: application/json
                                                            Accept: */*
                                                            Origin: https://app.prntscr.com
                                                            Sec-Fetch-Site: same-origin
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Referer: https://app.prntscr.com/en/thankyou_desktop.html
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:41 UTC  1562               OUT        Data Ascii: {"memory":{"totalJSHeapSize":9450152,"usedJSHeapSize":5229960,"jsHeapSizeLimit":2172649472},"resources":[],"referrer":"","eventType":1,"firstPaint":3923.9000000000233,"firstContentfulPaint":3923.9000000000233,"startTime":1727418634697.8,"versions":{"fl":"
                                                            2024-09-27 06:30:41 UTC  372                IN         HTTP/1.1 204 No Content
                                                            Date: Fri, 27 Sep 2024 06:30:41 GMT
                                                            Connection: close
                                                            access-control-allow-origin: https://app.prntscr.com
                                                            access-control-allow-methods: POST,OPTIONS
                                                            access-control-max-age: 86400
                                                            vary: Origin
                                                            access-control-allow-credentials: true
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724c9e9842ea-EWR
                                                            X-Frame-Options: DENY
                                                            X-Content-Type-Options: nosniff


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            50          192.168.2.4  56583        104.23.140.12   443               1860  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp                Bytes transferred  Direction  Data
                                                            2024-09-27 06:30:41 UTC  551                OUT        GET /manifest.json HTTP/1.1
                                                            Host: app.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: */*
                                                            Sec-Fetch-Site: same-origin
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: manifest
                                                            Referer: https://app.prntscr.com/en/thankyou_desktop.html
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            2024-09-27 06:30:41 UTC  294                IN         HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:41 GMT
                                                            Content-Type: application/json
                                                            Content-Length: 461
                                                            Connection: close
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:00 GMT
                                                            ETag: "64be1bd0-1cd"
                                                            Accept-Ranges: bytes
                                                            CF-Cache-Status: DYNAMIC
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724cca7fc323-EWR
                                                            2024-09-27 06:30:41 UTC  461                IN         Data Ascii: { "short_name": "Lightshot", "name": "Lightshot", "icons": [{ "src": "//st.prntscr.com/2023/07/24/0635/img/icon-lightshot-144.png", "type": "image/png", "sizes": "144x144" }], "display": "standalone", "start_url": ".", "prefer_re


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            51          192.168.2.4  56584        104.23.140.12   443               1860  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp                Bytes transferred  Direction  Data
                                                            2024-09-27 06:30:41 UTC  746                OUT        GET /favicon.ico HTTP/1.1
                                                            Host: app.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-origin
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://app.prntscr.com/en/thankyou_desktop.html
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:41 UTC  298                IN         HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:41 GMT
                                                            Content-Type: image/x-icon
                                                            Content-Length: 5430
                                                            Connection: close
                                                            Last-Modified: Sat, 16 Oct 2021 23:13:24 GMT
                                                            ETag: "616b5c94-1536"
                                                            CF-Cache-Status: HIT
                                                            Age: 680
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724cce4f41db-EWR


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            52          192.168.2.4  56585        104.23.140.12   443               1860  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp                Bytes transferred  Direction  Data
                                                            2024-09-27 06:30:41 UTC  509                OUT        GET /2023/07/24/0635/img/header-logo.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:41 UTC  430                IN         HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:41 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 5502
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=7995
                                                            ETag: "64be1bfb-1e52"
                                                            Expires: Fri, 27 Sep 2024 06:49:27 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 674
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724ceb90c334-EWR


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            53          192.168.2.4  56586        104.23.140.12   443               1860  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp                Bytes transferred  Direction  Data
                                                            2024-09-27 06:30:41 UTC  777                OUT        POST /v1/ HTTP/1.1
                                                            Host: api.prntscr.com
                                                            Connection: keep-alive
                                                            Content-Length: 60
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            Accept: application/json, text/javascript, */*; q=0.01
                                                            Content-Type: application/json
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Origin: https://app.prntscr.com
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:41 UTC  60                 OUT        Data Ascii: {"jsonrpc":"2.0","method":"get_userinfo","id":1,"params":{}}
                                                            2024-09-27 06:30:41 UTC  458                IN         HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:41 GMT
                                                            Content-Type: application/json
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            Access-Control-Allow-Origin: https://app.prntscr.com
                                                            Access-Control-Allow-Credentials: true
                                                            Access-Control-Allow-Methods: POST, OPTIONS
                                                            Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
                                                            CF-Cache-Status: DYNAMIC
                                                            Server: cloudflare
                                                            CF-RAY: 8c99724e7a7641de-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            2024-09-27 06:30:41 UTC  98                 IN         Data Ascii: 5c{"jsonrpc":"2.0","id":1,"result":{"success":false,"error_message":"Authorization required"}}
                                                            2024-09-27 06:30:41 UTC  5                  IN         Data Ascii: 0


                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                            54          192.168.2.4  56589        104.23.140.12   443               1860  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp                Bytes transferred  Direction  Data
                                                            2024-09-27 06:30:41 UTC  750                OUT        GET /2023/07/24/0635/img/icon-lightshot-144.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                            sec-ch-ua-mobile: ?0
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            sec-ch-ua-platform: "Windows"
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://app.prntscr.com/
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:42 UTC | 512 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:42 GMT
                                                            Content-Type: image/webp
                                                            Content-Length: 10382
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origFmt=png, origSize=14313
                                                            Content-Disposition: inline; filename="icon-lightshot-144.webp"
                                                            ETag: "64be1bfb-3817"
                                                            Expires: Fri, 27 Sep 2024 06:33:17 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: HIT
                                                            Age: 1645
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c997250cf658c93-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            55 | 192.168.2.4 | 56590 | 104.23.139.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:41 UTC | 486 | OUT | GET /favicon.ico HTTP/1.1
                                                            Host: app.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:42 UTC | 298 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:42 GMT
                                                            Content-Type: image/x-icon
                                                            Content-Length: 5430
                                                            Connection: close
                                                            Last-Modified: Sat, 16 Oct 2021 23:13:24 GMT
                                                            ETag: "616b5c94-1536"
                                                            CF-Cache-Status: HIT
                                                            Age: 681
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c997250bd8ec41b-EWR


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            56 | 192.168.2.4 | 56591 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:42 UTC | 478 | OUT | GET /v1/ HTTP/1.1
                                                            Host: api.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:42 UTC | 211 | IN | HTTP/1.1 403 Forbidden
                                                            Date: Fri, 27 Sep 2024 06:30:42 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            CF-Cache-Status: DYNAMIC
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972525e047c84-EWR
                                                            2024-09-27 06:30:42 UTC | 555 | IN | Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68
                                                            Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                                                            2024-09-27 06:30:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                            Data Ascii: 0


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            57 | 192.168.2.4 | 56592 | 104.23.140.12 | 443 | 1860 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:30:43 UTC | 516 | OUT | GET /2023/07/24/0635/img/icon-lightshot-144.png HTTP/1.1
                                                            Host: st.prntscr.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-US,en;q=0.9
                                                            Cookie: _gid=GA1.2.2001955101.1727418640; _gat=1; _ga_0DR1D0LZJH=GS1.1.1727418639.1.0.1727418639.0.0.0; _ga=GA1.1.698250061.1727418640
                                                            2024-09-27 06:30:43 UTC | 430 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 27 Sep 2024 06:30:43 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 13345
                                                            Connection: close
                                                            Cache-Control: max-age=1800
                                                            Cf-Bgj: imgq:100,h2pri
                                                            Cf-Polished: origSize=14313
                                                            ETag: "64be1bfb-3817"
                                                            Expires: Fri, 27 Sep 2024 07:00:43 GMT
                                                            Last-Modified: Mon, 24 Jul 2023 06:36:43 GMT
                                                            Vary: Accept
                                                            CF-Cache-Status: REVALIDATED
                                                            Accept-Ranges: bytes
                                                            Server: cloudflare
                                                            CF-RAY: 8c9972587b460f7d-EWR
                                                            Data Ascii: puJH$^PY!epi'y[@`hlD3:6O=vsrp|Rjn!9v(+.Ek@=ag&+=JS(qJC&%.U`@nHz|cxGFDt_E9i[C(oB$(JYAxhU#.UC
                                                            2024-09-27 06:30:43 UTC1369INData Raw: 62 c5 22 30 e4 7d 16 82 13 07 1c 05 2a 23 d0 ed d2 dc f1 36 1a 22 bc 13 09 06 6c 96 a0 1c ac c7 39 6a 3d 10 80 84 80 40 5f aa 1b 86 c8 60 e9 a9 27 a3 7d 4f cf 23 b5 f5 f1 3b 0e a2 da 52 80 a5 a4 09 a3 4a 06 43 ea 18 62 6a 01 1c 91 bf 0f 41 57 09 84 2a 60 29 59 30 05 30 0b c0 28 04 5c 11 79 23 50 a9 39 11 9e b8 a2 82 c9 6b c8 72 19 32 97 61 e0 ae 2b 29 f2 34 0c c1 f3 e0 2e 08 9e 97 11 10 70 13 5f 0f 12 08 0b 8c 3b 8b 79 cc 9e b3 0a 9f 33 02 a5 60 c2 80 c5 08 c0 29 54 f9 1d 1b 1c 21 3d 4c 26 6f 2a b2 4c c6 48 44 b9 5b 8e db 61 aa 5a 86 a9 83 c9 6f 8e 29 0f 44 08 a9 e2 42 60 63 f7 eb 38 e7 1d 67 61 70 70 a4 df e4 e4 af 00 e4 b0 1f ba e6 da 0f 3b e0 2c 54 ea 31 a2 19 48 a9 c3 b0 b4 30 62 2a 85 a9 01 9a ca 41 15 02 25 6f 28 00 a4 52 a8 12 1a 13 8c aa 50 14 80
                                                            Data Ascii: b"0}*#6"l9j=@_`'}O#;RJCbjAW*`)Y00(\y#P9kr2a+)4.p_;y3`)T!=L&o*LHD[aZo)DB`c8gapp;,T1H0b*A%o(RP


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            58 | 192.168.2.4 | 56594 | 52.165.165.26 | 443 | |
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-09-27 06:31:08 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wRU+RlmW167yutC&MD=pYEwBk3e HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Accept: */*
                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                            Host: slscr.update.microsoft.com
                                                            2024-09-27 06:31:08 UTC | 560 | IN | HTTP/1.1 200 OK
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            Content-Type: application/octet-stream
                                                            Expires: -1
                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                            ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                            MS-CorrelationId: 7408e61a-e4a7-48c4-8b88-b5ac0f3ef9d9
                                                            MS-RequestId: f2a32a29-1588-49f7-a73e-b9b24389062d
                                                            MS-CV: iKrXUah0SkG7islB.0
                                                            X-Microsoft-SLSClientCache: 1440
                                                            Content-Disposition: attachment; filename=environment.cab
                                                            X-Content-Type-Options: nosniff
                                                            Date: Fri, 27 Sep 2024 06:31:08 GMT
                                                            Connection: close
                                                            Content-Length: 30005

                                                            Target ID:0
                                                            Start time:02:29:59
                                                            Start date:27/09/2024
                                                            Path:C:\Users\user\Desktop\setup-lightshot 1.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\setup-lightshot 1.exe"
                                                            Imagebase:0x400000
                                                            File size:2'786'328 bytes
                                                            MD5 hash:A1F6923E771B4FF0DF9FEC9555F97C65
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:Borland Delphi
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:1
                                                            Start time:02:30:00
                                                            Start date:27/09/2024
                                                            Path:C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp" /SL5="$10412,2148280,486912,C:\Users\user\Desktop\setup-lightshot 1.exe"
                                                            Imagebase:0x400000
                                                            File size:1'558'952 bytes
                                                            MD5 hash:C6BFFD4DA620B07CB214F1BD8E7F21D2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:Borland Delphi
                                                            Antivirus matches:
                                                            • Detection: 2%, ReversingLabs
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:2
                                                            Start time:02:30:12
                                                            Start date:27/09/2024
                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\System32\taskkill.exe" /f /im lightshot.exe
                                                            Imagebase:0xaa0000
                                                            File size:74'240 bytes
                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:3
                                                            Start time:02:30:12
                                                            Start date:27/09/2024
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff7699e0000
                                                            File size:862'208 bytes
                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:4
                                                            Start time:02:30:16
                                                            Start date:27/09/2024
                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"taskkill.exe" /F /IM lightshot.exe
                                                            Imagebase:0xaa0000
                                                            File size:74'240 bytes
                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:6
                                                            Start time:02:30:16
                                                            Start date:27/09/2024
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff7699e0000
                                                            File size:862'208 bytes
                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:7
                                                            Start time:02:30:17
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
                                                            Imagebase:0xe50000
                                                            File size:226'728 bytes
                                                            MD5 hash:62EB961457DF016FA3949E9601A1A845
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:8
                                                            Start time:02:30:17
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe"
                                                            Imagebase:0xf80000
                                                            File size:499'624 bytes
                                                            MD5 hash:1E1C83B9680029AD4A9F8D3B3AC93197
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate
                                                            Has exited:false

                                                            Target ID:9
                                                            Start time:02:30:17
                                                            Start date:27/09/2024
                                                            Path:C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent
                                                            Imagebase:0x400000
                                                            File size:886'032 bytes
                                                            MD5 hash:843D23F6AAB075A3C032B06D30CE9C5D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:Borland Delphi
                                                            Antivirus matches:
                                                            • Detection: 2%, ReversingLabs
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:10
                                                            Start time:02:30:17
                                                            Start date:27/09/2024
                                                            Path:C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp" /SL5="$80080,490430,120832,C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent
                                                            Imagebase:0x400000
                                                            File size:1'184'920 bytes
                                                            MD5 hash:3613E29D2A7B90C1012EC676819CC1CD
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:Borland Delphi
                                                            Antivirus matches:
                                                            • Detection: 3%, ReversingLabs
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:12
                                                            Start time:02:30:19
                                                            Start date:27/09/2024
                                                            Path:C:\Windows\SysWOW64\net.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\system32\net.exe" START SCHEDULE
                                                            Imagebase:0xa40000
                                                            File size:47'104 bytes
                                                            MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:13
                                                            Start time:02:30:19
                                                            Start date:27/09/2024
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff7699e0000
                                                            File size:862'208 bytes
                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:15
                                                            Start time:02:30:21
                                                            Start date:27/09/2024
                                                            Path:C:\Windows\SysWOW64\net1.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\system32\net1 START SCHEDULE
                                                            Imagebase:0xa40000
                                                            File size:139'776 bytes
                                                            MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:16
                                                            Start time:02:30:21
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=addsystask
                                                            Imagebase:0x8d0000
                                                            File size:875'160 bytes
                                                            MD5 hash:FBE0664E1C333E36E3CE73D8BD5CC8A1
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:19
                                                            Start time:02:30:22
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml"
                                                            Imagebase:0x3f0000
                                                            File size:414'872 bytes
                                                            MD5 hash:3EC8F4BD54EF439A8FAB6467122DA0C4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:20
                                                            Start time:02:30:22
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml"
                                                            Imagebase:0x8d0000
                                                            File size:875'160 bytes
                                                            MD5 hash:FBE0664E1C333E36E3CE73D8BD5CC8A1
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:21
                                                            Start time:02:30:23
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true"
                                                            Imagebase:0x3f0000
                                                            File size:414'872 bytes
                                                            MD5 hash:3EC8F4BD54EF439A8FAB6467122DA0C4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:22
                                                            Start time:02:30:23
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true"
                                                            Imagebase:0x8d0000
                                                            File size:875'160 bytes
                                                            MD5 hash:FBE0664E1C333E36E3CE73D8BD5CC8A1
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:23
                                                            Start time:02:30:23
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=checkupdate
                                                            Imagebase:0x3f0000
                                                            File size:414'872 bytes
                                                            MD5 hash:3EC8F4BD54EF439A8FAB6467122DA0C4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:24
                                                            Start time:02:30:23
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=checkupdate
                                                            Imagebase:0x8d0000
                                                            File size:875'160 bytes
                                                            MD5 hash:FBE0664E1C333E36E3CE73D8BD5CC8A1
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:25
                                                            Start time:02:30:25
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addtask
                                                            Imagebase:0x3f0000
                                                            File size:414'872 bytes
                                                            MD5 hash:3EC8F4BD54EF439A8FAB6467122DA0C4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:26
                                                            Start time:02:30:25
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addtask
                                                            Imagebase:0x8d0000
                                                            File size:875'160 bytes
                                                            MD5 hash:FBE0664E1C333E36E3CE73D8BD5CC8A1
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:27
                                                            Start time:02:30:25
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml"
                                                            Imagebase:0x3f0000
                                                            File size:414'872 bytes
                                                            MD5 hash:3EC8F4BD54EF439A8FAB6467122DA0C4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:28
                                                            Start time:02:30:25
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml"
                                                            Imagebase:0x8d0000
                                                            File size:875'160 bytes
                                                            MD5 hash:FBE0664E1C333E36E3CE73D8BD5CC8A1
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:29
                                                            Start time:02:30:26
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=checkupdate
                                                            Imagebase:0x3f0000
                                                            File size:414'872 bytes
                                                            MD5 hash:3EC8F4BD54EF439A8FAB6467122DA0C4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:30
                                                            Start time:02:30:26
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=checkupdate
                                                            Imagebase:0x8d0000
                                                            File size:875'160 bytes
                                                            MD5 hash:FBE0664E1C333E36E3CE73D8BD5CC8A1
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:31
                                                            Start time:02:30:28
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
                                                            Imagebase:0xe50000
                                                            File size:226'728 bytes
                                                            MD5 hash:62EB961457DF016FA3949E9601A1A845
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:32
                                                            Start time:02:30:29
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe"
                                                            Imagebase:0xf80000
                                                            File size:499'624 bytes
                                                            MD5 hash:1E1C83B9680029AD4A9F8D3B3AC93197
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Has exited:true

                                                            Target ID:33
                                                            Start time:02:30:31
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://app.prntscr.com/thankyou_desktop.html#install_source=default
                                                            Imagebase:0x7ff76e190000
                                                            File size:3'242'272 bytes
                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:false

                                                            Target ID:34
                                                            Start time:02:30:34
                                                            Start date:27/09/2024
                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1888,i,7167525600281717774,4743937817464806075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                            Imagebase:0x7ff76e190000
                                                            File size:3'242'272 bytes
                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Has exited:false

                                                              Execution Graph

                                                              Execution Coverage:7.5%
                                                              Dynamic/Decrypted Code Coverage:0%
                                                              Signature Coverage:3.6%
                                                              Total number of Nodes:1596
                                                              Total number of Limit Nodes:53
10540 e61779 10540->10512 10542 e60bff 10541->10542 10543 e60c21 10541->10543 10542->10543 10544 e5f28e __fileno 67 API calls 10542->10544 10547 e61aea 10543->10547 10545 e60c1a 10544->10545 10580 e5ef50 10545->10580 10548 e61afa 10547->10548 10549 e616cc 10547->10549 10548->10549 10550 e57f91 ___free_lconv_num 67 API calls 10548->10550 10551 e5f28e 10549->10551 10550->10549 10552 e5f29d 10551->10552 10553 e5f2b2 10551->10553 10554 e59274 strtoxl 67 API calls 10552->10554 10557 e61a1d 10553->10557 10555 e5f2a2 10554->10555 10556 e5920c strtoxl 6 API calls 10555->10556 10556->10553 10558 e61a29 __calloc_impl 10557->10558 10559 e61a31 10558->10559 10560 e61a4c 10558->10560 10561 e59287 __dosmaperr 67 API calls 10559->10561 10562 e61a5a 10560->10562 10565 e61a9b 10560->10565 10563 e61a36 10561->10563 10564 e59287 __dosmaperr 67 API calls 10562->10564 10566 e59274 strtoxl 67 API calls 10563->10566 10567 e61a5f 10564->10567 10568 e609bb ___lock_fhandle 68 API calls 10565->10568 10577 e61a3e __calloc_impl 10566->10577 10569 e59274 strtoxl 67 API calls 10567->10569 10570 e61aa1 10568->10570 10571 e61a66 10569->10571 10573 e61aae 10570->10573 10574 e61abc 10570->10574 10572 e5920c strtoxl 6 API calls 10571->10572 10572->10577 10728 e61981 10573->10728 10576 e59274 strtoxl 67 API calls 10574->10576 10578 e61ab6 10576->10578 10577->10536 10743 e61ae0 10578->10743 10581 e5ef5c __calloc_impl 10580->10581 10582 e5ef64 10581->10582 10583 e5ef7f 10581->10583 10605 e59287 10582->10605 10584 e5ef8d 10583->10584 10589 e5efce 10583->10589 10586 e59287 __dosmaperr 67 API calls 10584->10586 10588 e5ef92 10586->10588 10591 e59274 strtoxl 67 API calls 10588->10591 10608 e609bb 10589->10608 10590 e59274 strtoxl 67 API calls 10599 e5ef71 __calloc_impl 10590->10599 10593 e5ef99 10591->10593 10595 e5920c strtoxl 6 API calls 10593->10595 10594 e5efd4 10596 e5eff7 10594->10596 10597 e5efe1 10594->10597 10595->10599 10598 e59274 strtoxl 67 API calls 10596->10598 10618 e5e81d 10597->10618 10601 
e5effc 10598->10601 10599->10543 10603 e59287 __dosmaperr 67 API calls 10601->10603 10602 e5efef 10677 e5f022 10602->10677 10603->10602 10606 e5c0ac __getptd_noexit 67 API calls 10605->10606 10607 e5928c 10606->10607 10607->10590 10609 e609c7 __calloc_impl 10608->10609 10610 e60a22 10609->10610 10612 e5b365 __lock 67 API calls 10609->10612 10611 e60a27 EnterCriticalSection 10610->10611 10613 e60a44 __calloc_impl 10610->10613 10611->10613 10614 e609f3 10612->10614 10613->10594 10615 e60a0a 10614->10615 10617 e5f6fe __ioinit InitializeCriticalSectionAndSpinCount 10614->10617 10680 e60a52 10615->10680 10617->10615 10619 e5e82c __write_nolock 10618->10619 10620 e5e885 10619->10620 10621 e5e85e 10619->10621 10651 e5e853 10619->10651 10625 e5e8ed 10620->10625 10626 e5e8c7 10620->10626 10622 e59287 __dosmaperr 67 API calls 10621->10622 10624 e5e863 10622->10624 10623 e579e4 __fputwc_nolock 5 API calls 10627 e5ef4e 10623->10627 10629 e59274 strtoxl 67 API calls 10624->10629 10628 e5e901 10625->10628 10684 e5e67f 10625->10684 10630 e59287 __dosmaperr 67 API calls 10626->10630 10627->10602 10694 e5f075 10628->10694 10632 e5e86a 10629->10632 10634 e5e8cc 10630->10634 10635 e5920c strtoxl 6 API calls 10632->10635 10637 e59274 strtoxl 67 API calls 10634->10637 10635->10651 10636 e5e90c 10638 e5ebb2 10636->10638 10643 e5c125 __getptd 67 API calls 10636->10643 10639 e5e8d5 10637->10639 10641 e5ee81 WriteFile 10638->10641 10642 e5ebc2 10638->10642 10640 e5920c strtoxl 6 API calls 10639->10640 10640->10651 10644 e5eeb4 GetLastError 10641->10644 10667 e5eb94 10641->10667 10645 e5ebd6 10642->10645 10646 e5eca0 10642->10646 10647 e5e927 GetConsoleMode 10643->10647 10644->10667 10649 e5eeff 10645->10649 10659 e5ec44 WriteFile 10645->10659 10645->10667 10648 e5ecaf 10646->10648 10670 e5ed80 10646->10670 10647->10638 10650 e5e952 10647->10650 10648->10649 10663 e5ed24 WriteFile 10648->10663 10648->10667 10649->10651 10653 e59274 strtoxl 67 API calls 10649->10653 10650->10638 10652 e5e964 
GetConsoleCP 10650->10652 10651->10623 10652->10667 10675 e5e987 10652->10675 10655 e5ef22 10653->10655 10654 e5eed2 10657 e5eef1 10654->10657 10658 e5eedd 10654->10658 10660 e59287 __dosmaperr 67 API calls 10655->10660 10656 e5ede6 WideCharToMultiByte 10656->10644 10662 e5ee1d WriteFile 10656->10662 10706 e5929a 10657->10706 10661 e59274 strtoxl 67 API calls 10658->10661 10659->10644 10659->10645 10660->10651 10665 e5eee2 10661->10665 10666 e5ee54 GetLastError 10662->10666 10662->10670 10663->10644 10663->10648 10668 e59287 __dosmaperr 67 API calls 10665->10668 10666->10670 10667->10649 10667->10651 10667->10654 10668->10651 10670->10649 10670->10656 10670->10662 10670->10667 10671 e60a82 11 API calls __putwch_nolock 10671->10675 10672 e5ea33 WideCharToMultiByte 10672->10667 10674 e5ea64 WriteFile 10672->10674 10673 e5f622 79 API calls __fassign 10673->10675 10674->10644 10674->10675 10675->10644 10675->10667 10675->10671 10675->10672 10675->10673 10676 e5eab8 WriteFile 10675->10676 10703 e5f674 10675->10703 10676->10644 10676->10675 10727 e60a5b LeaveCriticalSection 10677->10727 10679 e5f02a 10679->10599 10683 e5b28b LeaveCriticalSection 10680->10683 10682 e60a59 10682->10610 10683->10682 10711 e60944 10684->10711 10686 e5e69d 10687 e5e6a5 10686->10687 10688 e5e6b6 SetFilePointer 10686->10688 10689 e59274 strtoxl 67 API calls 10687->10689 10690 e5e6aa 10688->10690 10691 e5e6ce GetLastError 10688->10691 10689->10690 10690->10628 10691->10690 10692 e5e6d8 10691->10692 10693 e5929a __dosmaperr 67 API calls 10692->10693 10693->10690 10695 e5f091 10694->10695 10696 e5f082 10694->10696 10699 e59274 strtoxl 67 API calls 10695->10699 10702 e5f0b5 10695->10702 10697 e59274 strtoxl 67 API calls 10696->10697 10698 e5f087 10697->10698 10698->10636 10700 e5f0a5 10699->10700 10701 e5920c strtoxl 6 API calls 10700->10701 10701->10702 10702->10636 10724 e5f63c 10703->10724 10707 e59287 __dosmaperr 67 API calls 10706->10707 10708 e592a5 __dosmaperr 10707->10708 10709 e59274 
strtoxl 67 API calls 10708->10709 10710 e592b8 10709->10710 10710->10651 10712 e60951 10711->10712 10714 e60969 10711->10714 10713 e59287 __dosmaperr 67 API calls 10712->10713 10715 e60956 10713->10715 10716 e59287 __dosmaperr 67 API calls 10714->10716 10718 e609ae 10714->10718 10717 e59274 strtoxl 67 API calls 10715->10717 10719 e60997 10716->10719 10720 e6095e 10717->10720 10718->10686 10721 e59274 strtoxl 67 API calls 10719->10721 10720->10686 10722 e6099e 10721->10722 10723 e5920c strtoxl 6 API calls 10722->10723 10723->10718 10725 e58aa8 _LocaleUpdate::_LocaleUpdate 77 API calls 10724->10725 10726 e5f64f 10725->10726 10726->10675 10727->10679 10729 e60944 __commit 67 API calls 10728->10729 10732 e61991 10729->10732 10730 e619e7 10746 e608be 10730->10746 10732->10730 10733 e619c5 10732->10733 10735 e60944 __commit 67 API calls 10732->10735 10733->10730 10736 e60944 __commit 67 API calls 10733->10736 10738 e619bc 10735->10738 10739 e619d1 CloseHandle 10736->10739 10737 e61a11 10737->10578 10741 e60944 __commit 67 API calls 10738->10741 10739->10730 10742 e619dd GetLastError 10739->10742 10740 e5929a __dosmaperr 67 API calls 10740->10737 10741->10733 10742->10730 10755 e60a5b LeaveCriticalSection 10743->10755 10745 e61ae8 10745->10577 10747 e608cf 10746->10747 10748 e6092a 10746->10748 10747->10748 10751 e608fa 10747->10751 10749 e59274 strtoxl 67 API calls 10748->10749 10750 e6092f 10749->10750 10752 e59287 __dosmaperr 67 API calls 10750->10752 10753 e60920 10751->10753 10754 e6091a SetStdHandle 10751->10754 10752->10753 10753->10737 10753->10740 10754->10753 10755->10745 10757 e5f234 10756->10757 10758 e5f253 LeaveCriticalSection 10756->10758 10757->10758 10759 e5f23b 10757->10759 10758->10540 10762 e5b28b LeaveCriticalSection 10759->10762 10761 e5f250 10761->10540 10762->10761 10763->10515 8151 e5861c 8188 e587a4 8151->8188 8153 e58628 GetStartupInfoW 8154 e5864b 8153->8154 8189 e5b1b9 HeapCreate 8154->8189 8157 e5869b 8191 e5c26e GetModuleHandleW 8157->8191 
8161 e586ac __RTC_Initialize 8225 e5d48d 8161->8225 8162 e585f3 _fast_error_exit 67 API calls 8162->8161 8164 e586ba 8165 e586c6 GetCommandLineW 8164->8165 8291 e5c5ad 8164->8291 8240 e5d430 GetEnvironmentStringsW 8165->8240 8169 e586d5 8247 e5d382 GetModuleFileNameW 8169->8247 8172 e586ea 8253 e5d153 8172->8253 8173 e5c5ad __amsg_exit 67 API calls 8173->8172 8176 e586fb 8266 e5c66c 8176->8266 8177 e5c5ad __amsg_exit 67 API calls 8177->8176 8179 e58702 8180 e5870d __wwincmdln 8179->8180 8181 e5c5ad __amsg_exit 67 API calls 8179->8181 8272 e52df0 CoInitialize DefWindowProcW 8180->8272 8181->8180 8183 e5872e 8184 e5873c 8183->8184 8280 e5c81d 8183->8280 8298 e5c849 8184->8298 8187 e58741 __calloc_impl 8188->8153 8190 e5868f 8189->8190 8190->8157 8283 e585f3 8190->8283 8192 e5c282 8191->8192 8193 e5c289 8191->8193 8301 e5c57d 8192->8301 8195 e5c3f1 8193->8195 8196 e5c293 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 8193->8196 8360 e5bf86 8195->8360 8198 e5c2dc TlsAlloc 8196->8198 8201 e586a1 8198->8201 8202 e5c32a TlsSetValue 8198->8202 8201->8161 8201->8162 8202->8201 8203 e5c33b 8202->8203 8305 e5c867 8203->8305 8208 e5be5c __encode_pointer 6 API calls 8209 e5c35b 8208->8209 8210 e5be5c __encode_pointer 6 API calls 8209->8210 8211 e5c36b 8210->8211 8212 e5be5c __encode_pointer 6 API calls 8211->8212 8213 e5c37b 8212->8213 8322 e5b1e9 8213->8322 8220 e5bed7 __decode_pointer 6 API calls 8221 e5c3cf 8220->8221 8221->8195 8222 e5c3d6 8221->8222 8342 e5bfc5 8222->8342 8224 e5c3de GetCurrentThreadId 8224->8201 8687 e587a4 8225->8687 8227 e5d499 GetStartupInfoA 8228 e5c440 __calloc_crt 67 API calls 8227->8228 8235 e5d4ba 8228->8235 8229 e5d6d8 __calloc_impl 8229->8164 8230 e5d655 GetStdHandle 8239 e5d61f 8230->8239 8231 e5d6ba SetHandleCount 8231->8229 8232 e5c440 __calloc_crt 67 API calls 8232->8235 8233 e5d667 GetFileType 8233->8239 8234 e5d5a2 8234->8229 8236 e5d5cb GetFileType 8234->8236 8238 e5f6fe __ioinit InitializeCriticalSectionAndSpinCount 
8234->8238 8234->8239 8235->8229 8235->8232 8235->8234 8235->8239 8236->8234 8237 e5f6fe __ioinit InitializeCriticalSectionAndSpinCount 8237->8239 8238->8234 8239->8229 8239->8230 8239->8231 8239->8233 8239->8237 8241 e5d445 8240->8241 8242 e5d441 8240->8242 8244 e5c3fb __malloc_crt 67 API calls 8241->8244 8242->8169 8245 e5d466 _realloc 8244->8245 8246 e5d46d FreeEnvironmentStringsW 8245->8246 8246->8169 8248 e5d3b7 _wparse_cmdline 8247->8248 8249 e586df 8248->8249 8250 e5d3f4 8248->8250 8249->8172 8249->8173 8251 e5c3fb __malloc_crt 67 API calls 8250->8251 8252 e5d3fa _wparse_cmdline 8251->8252 8252->8249 8255 e5d16b _wcslen 8253->8255 8258 e586f0 8253->8258 8254 e5c440 __calloc_crt 67 API calls 8263 e5d18f _wcslen 8254->8263 8255->8254 8256 e5d1f4 8257 e57f91 ___free_lconv_num 67 API calls 8256->8257 8257->8258 8258->8176 8258->8177 8259 e5c440 __calloc_crt 67 API calls 8259->8263 8260 e5d21a 8262 e57f91 ___free_lconv_num 67 API calls 8260->8262 8262->8258 8263->8256 8263->8258 8263->8259 8263->8260 8264 e5d1d9 8263->8264 8688 e5ff0c 8263->8688 8264->8263 8265 e590e4 __invoke_watson 10 API calls 8264->8265 8265->8264 8267 e5c67a __IsNonwritableInCurrentImage 8266->8267 8697 e5f447 8267->8697 8269 e5c698 __initterm_e 8271 e5c6b7 __IsNonwritableInCurrentImage __initterm 8269->8271 8701 e58146 8269->8701 8271->8179 8273 e52e16 8272->8273 8801 e52fc0 8273->8801 8275 e52e2b 8806 e52d60 8275->8806 8277 e52e3b 8821 e53110 8277->8821 9276 e5c6f1 8280->9276 8282 e5c82e 8282->8184 8284 e58606 8283->8284 8285 e58601 8283->8285 8286 e5cd78 __NMSG_WRITE 67 API calls 8284->8286 8287 e5cf23 __FF_MSGBANNER 67 API calls 8285->8287 8288 e5860e 8286->8288 8287->8284 8289 e5c601 _doexit 3 API calls 8288->8289 8290 e58618 8289->8290 8290->8157 8292 e5cf23 __FF_MSGBANNER 67 API calls 8291->8292 8293 e5c5b7 8292->8293 8294 e5cd78 __NMSG_WRITE 67 API calls 8293->8294 8295 e5c5bf 8294->8295 8296 e5bed7 __decode_pointer 6 API calls 8295->8296 8297 e586c5 8296->8297 8297->8165 8299 e5c6f1 
_doexit 67 API calls 8298->8299 8300 e5c854 8299->8300 8300->8187 8302 e5c588 Sleep GetModuleHandleW 8301->8302 8303 e5c5a6 8302->8303 8304 e5c288 8302->8304 8303->8302 8303->8304 8304->8193 8366 e5bece 8305->8366 8307 e5c86f __init_pointers __initp_misc_winsig 8369 e5f8b5 8307->8369 8310 e5be5c __encode_pointer 6 API calls 8311 e5c340 8310->8311 8312 e5be5c TlsGetValue 8311->8312 8313 e5be95 GetModuleHandleW 8312->8313 8314 e5be74 8312->8314 8316 e5bea5 8313->8316 8317 e5beb0 GetProcAddress 8313->8317 8314->8313 8315 e5be7e TlsGetValue 8314->8315 8320 e5be89 8315->8320 8318 e5c57d __crt_waiting_on_module_handle 2 API calls 8316->8318 8319 e5be8d 8317->8319 8321 e5beab 8318->8321 8319->8208 8320->8313 8320->8319 8321->8317 8321->8319 8323 e5b1f4 8322->8323 8325 e5b222 8323->8325 8372 e5f6fe 8323->8372 8325->8195 8326 e5bed7 TlsGetValue 8325->8326 8327 e5bf10 GetModuleHandleW 8326->8327 8328 e5beef 8326->8328 8329 e5bf20 8327->8329 8330 e5bf2b GetProcAddress 8327->8330 8328->8327 8331 e5bef9 TlsGetValue 8328->8331 8332 e5c57d __crt_waiting_on_module_handle 2 API calls 8329->8332 8335 e5bf08 8330->8335 8333 e5bf04 8331->8333 8334 e5bf26 8332->8334 8333->8327 8333->8335 8334->8330 8334->8335 8335->8195 8336 e5c440 8335->8336 8338 e5c449 8336->8338 8339 e5c3b5 8338->8339 8340 e5c467 Sleep 8338->8340 8377 e5f75e 8338->8377 8339->8195 8339->8220 8341 e5c47c 8340->8341 8341->8338 8341->8339 8666 e587a4 8342->8666 8344 e5bfd1 GetModuleHandleW 8345 e5bfe1 8344->8345 8346 e5bfe7 8344->8346 8347 e5c57d __crt_waiting_on_module_handle 2 API calls 8345->8347 8348 e5c023 8346->8348 8349 e5bfff GetProcAddress GetProcAddress 8346->8349 8347->8346 8350 e5b365 __lock 63 API calls 8348->8350 8349->8348 8351 e5c042 InterlockedIncrement 8350->8351 8667 e5c09a 8351->8667 8354 e5b365 __lock 63 API calls 8355 e5c063 8354->8355 8670 e5dff7 InterlockedIncrement 8355->8670 8357 e5c081 8682 e5c0a3 8357->8682 8359 e5c08e __calloc_impl 8359->8224 8361 e5bf9c 8360->8361 8362 e5bf90 8360->8362 
8363 e5bfb0 TlsFree 8361->8363 8364 e5bfbe 8361->8364 8365 e5bed7 __decode_pointer 6 API calls 8362->8365 8363->8364 8364->8364 8365->8361 8367 e5be5c __encode_pointer 6 API calls 8366->8367 8368 e5bed5 8367->8368 8368->8307 8370 e5be5c __encode_pointer 6 API calls 8369->8370 8371 e5c8a1 8370->8371 8371->8310 8376 e587a4 8372->8376 8374 e5f70a InitializeCriticalSectionAndSpinCount 8375 e5f74e __calloc_impl 8374->8375 8375->8323 8376->8374 8378 e5f76a __calloc_impl 8377->8378 8379 e5f782 8378->8379 8389 e5f7a1 _memset 8378->8389 8390 e59274 8379->8390 8383 e5f813 HeapAlloc 8383->8389 8385 e5f797 __calloc_impl 8385->8338 8389->8383 8389->8385 8396 e5b365 8389->8396 8403 e5bb77 8389->8403 8409 e5f85a 8389->8409 8412 e5b145 8389->8412 8415 e5c0ac GetLastError 8390->8415 8392 e59279 8393 e5920c 8392->8393 8394 e5bed7 __decode_pointer 6 API calls 8393->8394 8395 e5921c __invoke_watson 8394->8395 8397 e5b38d EnterCriticalSection 8396->8397 8398 e5b37a 8396->8398 8397->8389 8462 e5b2a2 8398->8462 8400 e5b380 8400->8397 8401 e5c5ad __amsg_exit 66 API calls 8400->8401 8402 e5b38c 8401->8402 8402->8397 8406 e5bba5 8403->8406 8404 e5bc3e 8407 e5bc47 8404->8407 8661 e5b78e 8404->8661 8406->8404 8406->8407 8654 e5b6de 8406->8654 8407->8389 8665 e5b28b LeaveCriticalSection 8409->8665 8411 e5f861 8411->8389 8413 e5bed7 __decode_pointer 6 API calls 8412->8413 8414 e5b155 8413->8414 8414->8389 8429 e5bf52 TlsGetValue 8415->8429 8418 e5c119 SetLastError 8418->8392 8419 e5c440 __calloc_crt 64 API calls 8420 e5c0d7 8419->8420 8420->8418 8421 e5bed7 __decode_pointer 6 API calls 8420->8421 8422 e5c0f1 8421->8422 8423 e5c110 8422->8423 8424 e5c0f8 8422->8424 8434 e57f91 8423->8434 8425 e5bfc5 __initptd 64 API calls 8424->8425 8427 e5c100 GetCurrentThreadId 8425->8427 8427->8418 8428 e5c116 8428->8418 8430 e5bf67 8429->8430 8431 e5bf82 8429->8431 8432 e5bed7 __decode_pointer 6 API calls 8430->8432 8431->8418 8431->8419 8433 e5bf72 TlsSetValue 8432->8433 8433->8431 8435 e57f9d __calloc_impl 
8434->8435 8436 e58016 __dosmaperr __calloc_impl 8435->8436 8438 e5b365 __lock 65 API calls 8435->8438 8446 e57fdc 8435->8446 8436->8428 8437 e57ff1 HeapFree 8437->8436 8439 e58003 8437->8439 8442 e57fb4 ___sbh_find_block 8438->8442 8440 e59274 strtoxl 65 API calls 8439->8440 8441 e58008 GetLastError 8440->8441 8441->8436 8443 e57fce 8442->8443 8447 e5b3c8 8442->8447 8454 e57fe7 8443->8454 8446->8436 8446->8437 8448 e5b407 8447->8448 8453 e5b6a9 8447->8453 8449 e5b5f3 VirtualFree 8448->8449 8448->8453 8450 e5b657 8449->8450 8451 e5b666 VirtualFree HeapFree 8450->8451 8450->8453 8457 e58d70 8451->8457 8453->8443 8461 e5b28b LeaveCriticalSection 8454->8461 8456 e57fee 8456->8446 8458 e58d88 8457->8458 8459 e58db7 8458->8459 8460 e58daf __VEC_memcpy 8458->8460 8459->8453 8460->8459 8461->8456 8463 e5b2ae __calloc_impl 8462->8463 8464 e5b2d4 8463->8464 8488 e5cf23 8463->8488 8470 e5b2e4 __calloc_impl 8464->8470 8534 e5c3fb 8464->8534 8470->8400 8472 e5b305 8475 e5b365 __lock 67 API calls 8472->8475 8473 e5b2f6 8474 e59274 strtoxl 67 API calls 8473->8474 8474->8470 8477 e5b30c 8475->8477 8478 e5b314 8477->8478 8479 e5b340 8477->8479 8480 e5f6fe __ioinit InitializeCriticalSectionAndSpinCount 8478->8480 8481 e57f91 ___free_lconv_num 67 API calls 8479->8481 8482 e5b31f 8480->8482 8487 e5b331 8481->8487 8484 e57f91 ___free_lconv_num 67 API calls 8482->8484 8482->8487 8485 e5b32b 8484->8485 8486 e59274 strtoxl 67 API calls 8485->8486 8486->8487 8539 e5b35c 8487->8539 8542 e5fec1 8488->8542 8491 e5cf37 8493 e5cd78 __NMSG_WRITE 67 API calls 8491->8493 8495 e5b2c3 8491->8495 8492 e5fec1 __set_error_mode 67 API calls 8492->8491 8494 e5cf4f 8493->8494 8496 e5cd78 __NMSG_WRITE 67 API calls 8494->8496 8497 e5cd78 8495->8497 8496->8495 8498 e5cd8c 8497->8498 8499 e5fec1 __set_error_mode 64 API calls 8498->8499 8530 e5b2ca 8498->8530 8500 e5cdae 8499->8500 8501 e5ceec GetStdHandle 8500->8501 8503 e5fec1 __set_error_mode 64 API calls 8500->8503 8502 e5cefa _strlen 8501->8502 
8501->8530 8506 e5cf13 WriteFile 8502->8506 8502->8530 8504 e5cdbf 8503->8504 8504->8501 8505 e5cdd1 8504->8505 8505->8530 8548 e5f687 8505->8548 8506->8530 8509 e5ce07 GetModuleFileNameA 8511 e5ce25 8509->8511 8515 e5ce48 _strlen 8509->8515 8512 e5f687 _strcpy_s 64 API calls 8511->8512 8514 e5ce35 8512->8514 8514->8515 8516 e590e4 __invoke_watson 10 API calls 8514->8516 8527 e5ce8b 8515->8527 8564 e5fe0c 8515->8564 8516->8515 8520 e5ceaf 8523 e5fd98 _strcat_s 64 API calls 8520->8523 8522 e590e4 __invoke_watson 10 API calls 8522->8520 8524 e5cec3 8523->8524 8526 e5ced4 8524->8526 8528 e590e4 __invoke_watson 10 API calls 8524->8528 8525 e590e4 __invoke_watson 10 API calls 8525->8527 8582 e5fc2f 8526->8582 8573 e5fd98 8527->8573 8528->8526 8531 e5c601 8530->8531 8620 e5c5d6 GetModuleHandleW 8531->8620 8536 e5c404 8534->8536 8537 e5b2ef 8536->8537 8538 e5c41b Sleep 8536->8538 8624 e58529 8536->8624 8537->8472 8537->8473 8538->8536 8653 e5b28b LeaveCriticalSection 8539->8653 8541 e5b363 8541->8470 8543 e5fed0 8542->8543 8544 e59274 strtoxl 67 API calls 8543->8544 8545 e5cf2a 8543->8545 8546 e5fef3 8544->8546 8545->8491 8545->8492 8547 e5920c strtoxl 6 API calls 8546->8547 8547->8545 8549 e5f69f 8548->8549 8550 e5f698 8548->8550 8551 e59274 strtoxl 67 API calls 8549->8551 8550->8549 8553 e5f6c5 8550->8553 8556 e5f6a4 8551->8556 8552 e5920c strtoxl 6 API calls 8554 e5cdf3 8552->8554 8553->8554 8555 e59274 strtoxl 67 API calls 8553->8555 8554->8509 8557 e590e4 8554->8557 8555->8556 8556->8552 8609 e57a00 8557->8609 8559 e59111 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8560 e591ed GetCurrentProcess TerminateProcess 8559->8560 8563 e591e1 __invoke_watson 8559->8563 8611 e579e4 8560->8611 8562 e5920a 8562->8509 8563->8560 8568 e5fe1e 8564->8568 8565 e5fe22 8566 e5ce78 8565->8566 8567 e59274 strtoxl 67 API calls 8565->8567 8566->8525 8566->8527 8569 e5fe3e 8567->8569 8568->8565 8568->8566 8571 e5fe68 8568->8571 8570 e5920c strtoxl 6 API calls 
8569->8570 8570->8566 8571->8566 8572 e59274 strtoxl 67 API calls 8571->8572 8572->8569 8574 e5fdb0 8573->8574 8577 e5fda9 8573->8577 8575 e59274 strtoxl 67 API calls 8574->8575 8576 e5fdb5 8575->8576 8578 e5920c strtoxl 6 API calls 8576->8578 8577->8574 8580 e5fde4 8577->8580 8579 e5ce9e 8578->8579 8579->8520 8579->8522 8580->8579 8581 e59274 strtoxl 67 API calls 8580->8581 8581->8576 8583 e5bece _doexit 6 API calls 8582->8583 8584 e5fc3f 8583->8584 8585 e5fc52 LoadLibraryA 8584->8585 8589 e5fcda 8584->8589 8587 e5fc67 GetProcAddress 8585->8587 8588 e5fd7c 8585->8588 8586 e5fd04 8591 e5bed7 __decode_pointer 6 API calls 8586->8591 8606 e5fd2f 8586->8606 8587->8588 8590 e5fc7d 8587->8590 8588->8530 8589->8586 8592 e5bed7 __decode_pointer 6 API calls 8589->8592 8593 e5be5c __encode_pointer 6 API calls 8590->8593 8602 e5fd47 8591->8602 8595 e5fcf7 8592->8595 8596 e5fc83 GetProcAddress 8593->8596 8594 e5bed7 __decode_pointer 6 API calls 8594->8588 8597 e5bed7 __decode_pointer 6 API calls 8595->8597 8598 e5be5c __encode_pointer 6 API calls 8596->8598 8597->8586 8599 e5fc98 GetProcAddress 8598->8599 8600 e5be5c __encode_pointer 6 API calls 8599->8600 8601 e5fcad GetProcAddress 8600->8601 8603 e5be5c __encode_pointer 6 API calls 8601->8603 8604 e5bed7 __decode_pointer 6 API calls 8602->8604 8602->8606 8605 e5fcc2 8603->8605 8604->8606 8605->8589 8607 e5fccc GetProcAddress 8605->8607 8606->8594 8608 e5be5c __encode_pointer 6 API calls 8607->8608 8608->8589 8610 e57a0c __VEC_memzero 8609->8610 8610->8559 8612 e579ec 8611->8612 8613 e579ee IsDebuggerPresent 8611->8613 8612->8562 8619 e5d7c3 8613->8619 8616 e588ca SetUnhandledExceptionFilter UnhandledExceptionFilter 8617 e588e7 __invoke_watson 8616->8617 8618 e588ef GetCurrentProcess TerminateProcess 8616->8618 8617->8618 8618->8562 8619->8616 8621 e5c5ff ExitProcess 8620->8621 8622 e5c5ea GetProcAddress 8620->8622 8622->8621 8623 e5c5fa 8622->8623 8623->8621 8625 e585dc 8624->8625 8634 e5853b 8624->8634 8626 e5b145 
__calloc_impl 6 API calls 8625->8626 8627 e585e2 8626->8627 8629 e59274 strtoxl 66 API calls 8627->8629 8628 e5cf23 __FF_MSGBANNER 66 API calls 8628->8634 8640 e585d4 8629->8640 8631 e5cd78 __NMSG_WRITE 66 API calls 8631->8634 8632 e58598 HeapAlloc 8632->8634 8633 e5c601 _doexit 3 API calls 8633->8634 8634->8628 8634->8631 8634->8632 8634->8633 8635 e585c8 8634->8635 8637 e5b145 __calloc_impl 6 API calls 8634->8637 8638 e585cd 8634->8638 8634->8640 8641 e584da 8634->8641 8636 e59274 strtoxl 66 API calls 8635->8636 8636->8638 8637->8634 8639 e59274 strtoxl 66 API calls 8638->8639 8639->8640 8640->8536 8642 e584e6 __calloc_impl 8641->8642 8643 e58517 __calloc_impl 8642->8643 8644 e5b365 __lock 67 API calls 8642->8644 8643->8634 8645 e584fc 8644->8645 8646 e5bb77 ___sbh_alloc_block 5 API calls 8645->8646 8647 e58507 8646->8647 8649 e58520 8647->8649 8652 e5b28b LeaveCriticalSection 8649->8652 8651 e58527 8651->8643 8652->8651 8653->8541 8655 e5b725 HeapAlloc 8654->8655 8656 e5b6f1 HeapReAlloc 8654->8656 8658 e5b748 VirtualAlloc 8655->8658 8660 e5b70f 8655->8660 8657 e5b713 8656->8657 8656->8660 8657->8655 8659 e5b762 HeapFree 8658->8659 8658->8660 8659->8660 8660->8404 8662 e5b7a5 VirtualAlloc 8661->8662 8664 e5b7ec 8662->8664 8664->8407 8665->8411 8666->8344 8685 e5b28b LeaveCriticalSection 8667->8685 8669 e5c05c 8669->8354 8671 e5e015 InterlockedIncrement 8670->8671 8672 e5e018 8670->8672 8671->8672 8673 e5e025 8672->8673 8674 e5e022 InterlockedIncrement 8672->8674 8675 e5e032 8673->8675 8676 e5e02f InterlockedIncrement 8673->8676 8674->8673 8677 e5e03c InterlockedIncrement 8675->8677 8679 e5e03f 8675->8679 8676->8675 8677->8679 8678 e5e058 InterlockedIncrement 8678->8679 8679->8678 8680 e5e068 InterlockedIncrement 8679->8680 8681 e5e073 InterlockedIncrement 8679->8681 8680->8679 8681->8357 8686 e5b28b LeaveCriticalSection 8682->8686 8684 e5c0aa 8684->8359 8685->8669 8686->8684 8687->8227 8689 e5ff24 8688->8689 8690 e5ff1d 8688->8690 8691 e59274 strtoxl 67 API calls 
8689->8691 8690->8689 8695 e5ff50 8690->8695 8692 e5ff29 8691->8692 8693 e5920c strtoxl 6 API calls 8692->8693 8694 e5ff38 8693->8694 8694->8263 8695->8694 8696 e59274 strtoxl 67 API calls 8695->8696 8696->8692 8698 e5f44d 8697->8698 8699 e5be5c __encode_pointer 6 API calls 8698->8699 8700 e5f465 8698->8700 8699->8698 8700->8269 8704 e5810a 8701->8704 8703 e58153 8703->8271 8705 e58116 __calloc_impl 8704->8705 8712 e5c619 8705->8712 8711 e58137 __calloc_impl 8711->8703 8713 e5b365 __lock 67 API calls 8712->8713 8714 e5811b 8713->8714 8715 e5801f 8714->8715 8716 e5bed7 __decode_pointer 6 API calls 8715->8716 8717 e58033 8716->8717 8718 e5bed7 __decode_pointer 6 API calls 8717->8718 8719 e58043 8718->8719 8720 e580c6 8719->8720 8735 e5c4da 8719->8735 8732 e58140 8720->8732 8722 e580ad 8723 e5be5c __encode_pointer 6 API calls 8722->8723 8724 e580bb 8723->8724 8727 e5be5c __encode_pointer 6 API calls 8724->8727 8725 e58061 8725->8722 8726 e58085 8725->8726 8748 e5c48c 8725->8748 8726->8720 8729 e5c48c __realloc_crt 73 API calls 8726->8729 8730 e5809b 8726->8730 8727->8720 8729->8730 8730->8720 8731 e5be5c __encode_pointer 6 API calls 8730->8731 8731->8722 8797 e5c622 8732->8797 8736 e5c4e6 __calloc_impl 8735->8736 8737 e5c4f6 8736->8737 8738 e5c513 8736->8738 8739 e59274 strtoxl 67 API calls 8737->8739 8740 e5c554 HeapSize 8738->8740 8742 e5b365 __lock 67 API calls 8738->8742 8741 e5c4fb 8739->8741 8744 e5c50b __calloc_impl 8740->8744 8743 e5920c strtoxl 6 API calls 8741->8743 8745 e5c523 ___sbh_find_block 8742->8745 8743->8744 8744->8725 8753 e5c574 8745->8753 8751 e5c495 8748->8751 8750 e5c4d4 8750->8726 8751->8750 8752 e5c4b5 Sleep 8751->8752 8757 e5cb5d 8751->8757 8752->8751 8756 e5b28b LeaveCriticalSection 8753->8756 8755 e5c54f 8755->8740 8755->8744 8756->8755 8758 e5cb69 __calloc_impl 8757->8758 8759 e5cb70 8758->8759 8760 e5cb7e 8758->8760 8763 e58529 _malloc 67 API calls 8759->8763 8761 e5cb85 8760->8761 8762 e5cb91 8760->8762 8764 e57f91 ___free_lconv_num 67 
API calls 8761->8764 8769 e5cd03 8762->8769 8791 e5cb9e _realloc ___sbh_resize_block ___sbh_find_block 8762->8791 8779 e5cb78 __dosmaperr __calloc_impl 8763->8779 8764->8779 8765 e5cd36 8766 e5b145 __calloc_impl 6 API calls 8765->8766 8770 e5cd3c 8766->8770 8767 e5b365 __lock 67 API calls 8767->8791 8768 e5cd08 HeapReAlloc 8768->8769 8768->8779 8769->8765 8769->8768 8771 e5cd5a 8769->8771 8773 e5b145 __calloc_impl 6 API calls 8769->8773 8775 e5cd50 8769->8775 8772 e59274 strtoxl 67 API calls 8770->8772 8774 e59274 strtoxl 67 API calls 8771->8774 8771->8779 8772->8779 8773->8769 8776 e5cd63 GetLastError 8774->8776 8778 e59274 strtoxl 67 API calls 8775->8778 8776->8779 8780 e5ccd1 8778->8780 8779->8751 8780->8779 8782 e5ccd6 GetLastError 8780->8782 8781 e5cc29 HeapAlloc 8781->8791 8782->8779 8783 e5cc7e HeapReAlloc 8783->8791 8784 e5bb77 ___sbh_alloc_block 5 API calls 8784->8791 8785 e5cce9 8785->8779 8787 e59274 strtoxl 67 API calls 8785->8787 8786 e5b145 __calloc_impl 6 API calls 8786->8791 8789 e5ccf6 8787->8789 8788 e5cccc 8790 e59274 strtoxl 67 API calls 8788->8790 8789->8776 8789->8779 8790->8780 8791->8765 8791->8767 8791->8779 8791->8781 8791->8783 8791->8784 8791->8785 8791->8786 8791->8788 8792 e5b3c8 __VEC_memcpy VirtualFree VirtualFree HeapFree ___sbh_free_block 8791->8792 8793 e5cca1 8791->8793 8792->8791 8796 e5b28b LeaveCriticalSection 8793->8796 8795 e5cca8 8795->8791 8796->8795 8800 e5b28b LeaveCriticalSection 8797->8800 8799 e58145 8799->8711 8800->8799 8802 e52fdd 8801->8802 8803 e52fe6 std::exception::exception 8802->8803 8804 e52feb GetCurrentThreadId 8802->8804 8803->8275 8828 e57f2c 8804->8828 8852 e52c10 8806->8852 8810 e52d7b 8881 e52ec0 8810->8881 8812 e52d91 8889 e52e60 8812->8889 8814 e52d9e 8897 e516e0 8814->8897 8820 e52dce 8820->8277 9184 e53310 8821->9184 8824 e53140 9202 e53160 8824->9202 8830 e57f36 8828->8830 8829 e58529 _malloc 67 API calls 8829->8830 8830->8829 8831 e57f50 8830->8831 8832 e5b145 __calloc_impl 6 API calls 

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 00E516E0: _DebugHeapAllocator.LIBCPMTD ref: 00E5170F
                                                                • Part of subcall function 00E510A0: PathRemoveFileSpecW.SHLWAPI(00000000,00000104), ref: 00E510BE
                                                                • Part of subcall function 00E510A0: _DebugHeapAllocator.LIBCPMTD ref: 00E510D5
                                                                • Part of subcall function 00E52EC0: _DebugHeapAllocator.LIBCPMTD ref: 00E52ED0
                                                                • Part of subcall function 00E52EC0: _DebugHeapAllocator.LIBCPMTD ref: 00E52F0B
                                                              • FindFirstFileW.KERNELBASE(00000000,?,?,?,0.0.0.0), ref: 00E52C69
                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00E52CBC
                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00E52CD7
                                                              • FindNextFileW.KERNELBASE(000000FF,?,?,?,?,0.0.0.0), ref: 00E52CEA
                                                              • FindClose.KERNELBASE(000000FF,?,?,?,0.0.0.0), ref: 00E52CFF
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocatorDebugHeap$FileFind$CloseFirstNextPathRemoveSpec
                                                              • String ID: 0.0.0.0
                                                              • API String ID: 1203618473-3771769585
                                                              • Opcode ID: b03c7dad8cb5096bbc731d7bc2f553749fe5cde1e3d3421a491b922b6859d759
                                                              • Instruction ID: 3bc58d82dfc214c8f4cd6ce27350db958777bc9e0bb5b2b2fb6449ba7429e928
                                                              • Opcode Fuzzy Hash: b03c7dad8cb5096bbc731d7bc2f553749fe5cde1e3d3421a491b922b6859d759
                                                              • Instruction Fuzzy Hash: 04317671D042189FCF14EBA4EC4AADEB7B8AB45341F005AD9E90AB2151EF706B8CCF50

                                                              Control-flow Graph

                                                              APIs
                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00E5125E
                                                                • Part of subcall function 00E510F0: _DebugHeapAllocator.LIBCPMTD ref: 00E510FB
                                                                • Part of subcall function 00E510F0: PathRemoveFileSpecW.SHLWAPI(00000000,00000104,?), ref: 00E5110E
                                                                • Part of subcall function 00E510F0: _DebugHeapAllocator.LIBCPMTD ref: 00E51125
                                                              • _memset.LIBCMT ref: 00E51277
                                                              • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00E512B3
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocatorDebugHeap$CreateFilePathProcessRemoveSpec_memset
                                                              • String ID: "%s" %s$D
                                                              • API String ID: 770554504-3971972636
                                                              • Opcode ID: a6051445fd47b3a837da4b51a8666ce6757d097f42deca6a93bff51af3bea188
                                                              • Instruction ID: 16e6e6734ac7413ba53e88bcf39d1d2fb18d855ea5e42710e823b2c366ffc56b
                                                              • Opcode Fuzzy Hash: a6051445fd47b3a837da4b51a8666ce6757d097f42deca6a93bff51af3bea188
                                                              • Instruction Fuzzy Hash: 891133B5910108ABCB04EFD4DC42EEE77B8AB14341F005559BD067A181EB746B0CCBA1

                                                              Control-flow Graph

                                                              APIs
                                                              • CoInitialize.OLE32(00000000), ref: 00E52DF8
                                                              • DefWindowProcW.USER32(00000000,00000000,00000000,00000000), ref: 00E52E09
                                                                • Part of subcall function 00E52F90: InitCommonControlsEx.COMCTL32(00000008), ref: 00E52FA7
                                                                • Part of subcall function 00E52D60: _DebugHeapAllocator.LIBCPMTD ref: 00E52DC4
                                                                • Part of subcall function 00E53110: codecvt.LIBCPMTD ref: 00E5313B
                                                              • CoUninitialize.COMBASE(?,00000000), ref: 00E52E4B
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocatorCommonControlsDebugHeapInitInitializeProcUninitializeWindowcodecvt
                                                              • String ID:
                                                              • API String ID: 1100336453-0
                                                              • Opcode ID: 2756ee0a8a71b9d91752b834bf530c3584fe1eeab378ed8604d4707090593ee8
                                                              • Instruction ID: 3c2dcd8b5392de8f37dc54f98dc9daea5c7d9b1455d48770147d640406880e8f
                                                              • Opcode Fuzzy Hash: 2756ee0a8a71b9d91752b834bf530c3584fe1eeab378ed8604d4707090593ee8
                                                              • Instruction Fuzzy Hash: A2F09675A48208AFD740EFA0BC03B5E36B4AB45702F10441CFF05BB2C1D9B169148772

                                                              Control-flow Graph

                                                              control_flow_graph 70 e5c601-e5c612 call e5c5d6 ExitProcess
                                                              APIs
                                                              • ___crtCorExitProcess.LIBCMT ref: 00E5C609
                                                                • Part of subcall function 00E5C5D6: GetModuleHandleW.KERNEL32(mscoree.dll,?,00E5C60E,00000000,?,00E58562,000000FF,0000001E,?,00E5C40C,00000000,00000001,00000000,?,00E5B2EF,00000018), ref: 00E5C5E0
                                                                • Part of subcall function 00E5C5D6: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E5C5F0
                                                              • ExitProcess.KERNEL32 ref: 00E5C612
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                              • String ID:
                                                              • API String ID: 2427264223-0
                                                              • Opcode ID: 4884bdeda34cd8a896a0d9caeb677f4cd0e46068b85aede7d45a80a9022eacbc
                                                              • Instruction ID: 4eaf16eca588f854e4d5046d52046ddcfbf1067294e475f37850ca878aa80399
                                                              • Opcode Fuzzy Hash: 4884bdeda34cd8a896a0d9caeb677f4cd0e46068b85aede7d45a80a9022eacbc
                                                              • Instruction Fuzzy Hash: F4B09B310042087FCB112F52DC0E8493F55EB413917104424F90415171DFB1AE579585

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 00E52C10: FindFirstFileW.KERNELBASE(00000000,?,?,?,0.0.0.0), ref: 00E52C69
                                                                • Part of subcall function 00E52C10: _DebugHeapAllocator.LIBCPMTD ref: 00E52CBC
                                                                • Part of subcall function 00E52C10: _DebugHeapAllocator.LIBCPMTD ref: 00E52CD7
                                                                • Part of subcall function 00E52C10: FindNextFileW.KERNELBASE(000000FF,?,?,?,?,0.0.0.0), ref: 00E52CEA
                                                                • Part of subcall function 00E52C10: FindClose.KERNELBASE(000000FF,?,?,?,0.0.0.0), ref: 00E52CFF
                                                                • Part of subcall function 00E51000: PathFindFileNameW.SHLWAPI(00000000), ref: 00E5101A
                                                                • Part of subcall function 00E51000: _DebugHeapAllocator.LIBCPMTD ref: 00E51038
                                                                • Part of subcall function 00E52EC0: _DebugHeapAllocator.LIBCPMTD ref: 00E52ED0
                                                                • Part of subcall function 00E52EC0: _DebugHeapAllocator.LIBCPMTD ref: 00E52F0B
                                                                • Part of subcall function 00E52E60: _DebugHeapAllocator.LIBCPMTD ref: 00E52E70
                                                                • Part of subcall function 00E52E60: _DebugHeapAllocator.LIBCPMTD ref: 00E52EAC
                                                                • Part of subcall function 00E516E0: _DebugHeapAllocator.LIBCPMTD ref: 00E5170F
                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00E52DC4
                                                                • Part of subcall function 00E51230: _DebugHeapAllocator.LIBCPMTD ref: 00E5125E
                                                                • Part of subcall function 00E51230: _memset.LIBCMT ref: 00E51277
                                                                • Part of subcall function 00E51230: CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00E512B3
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocatorDebugHeap$Find$File$CloseCreateFirstNameNextPathProcess_memset
                                                              • String ID:
                                                              • API String ID: 816534697-0
                                                              • Opcode ID: cd04641af08e288981d9c944f56b872b50568223e2e8983cecde631b24d9ec6f
                                                              • Instruction ID: bb3a302a6819fe688c9875d7b3eb2e32e6ca768f78f87b62a4db50dfd49011cd
                                                              • Opcode Fuzzy Hash: cd04641af08e288981d9c944f56b872b50568223e2e8983cecde631b24d9ec6f
                                                              • Instruction Fuzzy Hash: 2E0144B9D1010867CB04FBE4EC43AEEB7BC9B14345F401999BD16B2142EF74670D8AB2

                                                              Control-flow Graph

                                                              control_flow_graph 96 e5b1b9-e5b1db HeapCreate 97 e5b1dd-e5b1de 96->97 98 e5b1df-e5b1e8 96->98
                                                              APIs
                                                              • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00E5B1CE
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateHeap
                                                              • String ID:
                                                              • API String ID: 10892065-0
                                                              • Opcode ID: ec0875ecc71bebb71e688756c406e4f98da9d1991e1789e0aaf2d8ad711ed5d7
                                                              • Instruction ID: 5ab8b050baf94023de80966c22a2fe763aab1ff7cf9ca6fb6cfb70db83998d74
                                                              • Opcode Fuzzy Hash: ec0875ecc71bebb71e688756c406e4f98da9d1991e1789e0aaf2d8ad711ed5d7
                                                              • Instruction Fuzzy Hash: 9CD017325947056EDB005F76BE097233BDC93842D9F004425EE4CD6150EAB1C944D600

                                                              Control-flow Graph

                                                              control_flow_graph 99 e5c81d-e5c829 call e5c6f1 101 e5c82e-e5c832 99->101
                                                              APIs
                                                              • _doexit.LIBCMT ref: 00E5C829
                                                                • Part of subcall function 00E5C6F1: __lock.LIBCMT ref: 00E5C6FF
                                                                • Part of subcall function 00E5C6F1: __decode_pointer.LIBCMT ref: 00E5C736
                                                                • Part of subcall function 00E5C6F1: __decode_pointer.LIBCMT ref: 00E5C74B
                                                                • Part of subcall function 00E5C6F1: __decode_pointer.LIBCMT ref: 00E5C775
                                                                • Part of subcall function 00E5C6F1: __decode_pointer.LIBCMT ref: 00E5C78B
                                                                • Part of subcall function 00E5C6F1: __decode_pointer.LIBCMT ref: 00E5C798
                                                                • Part of subcall function 00E5C6F1: __initterm.LIBCMT ref: 00E5C7C7
                                                                • Part of subcall function 00E5C6F1: __initterm.LIBCMT ref: 00E5C7D7
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: __decode_pointer$__initterm$__lock_doexit
                                                              • String ID:
                                                              • API String ID: 1597249276-0
                                                              • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                              • Instruction ID: 7c69062db1c158d3ab7422ef187e0018ee93bd2023534e2d587170556f029b6c
                                                              • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                              • Instruction Fuzzy Hash: 90B0923258030837DA202542AC07F063A4987C0BA0E641020BA0C291A1A9A2AA658889

                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,?,?), ref: 00E544FF
                                                              • FindResourceW.KERNEL32(00000000,00E625B4,00000000,?,?), ref: 00E5452A
                                                              • FreeLibrary.KERNEL32(00000000,00000000,4G,?,?), ref: 00E5467D
                                                                • Part of subcall function 00E53E70: GetLastError.KERNEL32(?,?,00E54636,?,?), ref: 00E53E74
                                                                • Part of subcall function 00E53E70: _HRESULT_FROM_WIN32.LIBCMTD ref: 00E53E81
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Library$ErrorFindFreeLastLoadResource
                                                              • String ID: 4G
                                                              • API String ID: 3418355812-3765658372
                                                              • Opcode ID: 76b80ac45430d6f4c2525292c544fb337b7a0b21e4b23a7d89c768c948de417f
                                                              • Instruction ID: f26b3d708950d5de3253368dcfa97b5ab69114f8bdcf4ce593c6c1330e3b5a4e
                                                              • Opcode Fuzzy Hash: 76b80ac45430d6f4c2525292c544fb337b7a0b21e4b23a7d89c768c948de417f
                                                              • Instruction Fuzzy Hash: 37510AF1D002189FCB24EF64DC41BAEB7B4AF44345F005999FA0AB7291DB705A88CF69
                                                              APIs
                                                              • IsDebuggerPresent.KERNEL32 ref: 00E588B8
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E588CD
                                                              • UnhandledExceptionFilter.KERNEL32(00E628B0), ref: 00E588D8
                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 00E588F4
                                                              • TerminateProcess.KERNEL32(00000000), ref: 00E588FB
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                              • String ID:
                                                              • API String ID: 2579439406-0
                                                              • Opcode ID: d125a4552dc6f595535a4c3709e4681c45d5d9f3ec97ee0da5cdb9d4f5ed4750
                                                              • Instruction ID: de931e0674f548cb5b9bfc97bc0029230a9c04958d271caa7baafd1b4e12255e
                                                              • Opcode Fuzzy Hash: d125a4552dc6f595535a4c3709e4681c45d5d9f3ec97ee0da5cdb9d4f5ed4750
                                                              • Instruction Fuzzy Hash: 2E21FCB481A2009FD740CF2BFC556063BA8BB08789F00555AF988B3270EBF0598CCF50
                                                              APIs
                                                              • CoCreateInstance.OLE32(00E62830,00000000,00000001,00E62578,-00000028), ref: 00E5385B
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateInstance
                                                              • String ID:
                                                              • API String ID: 542301482-0
                                                              • Opcode ID: 36fb98f3e1025744d00844fafa6a21be2900ba5543e28023e6cf40eba9956613
                                                              • Instruction ID: b4791187c45d1ae2a377e0ee67c4273887306556d0b5ef1619de744e0e8da7f1
                                                              • Opcode Fuzzy Hash: 36fb98f3e1025744d00844fafa6a21be2900ba5543e28023e6cf40eba9956613
                                                              • Instruction Fuzzy Hash: 67015274A40208EFCB08CF64D884B5DBBB1FB58355F209198ED05BB380D370AE85CB40
                                                              APIs
                                                              • GetLocaleInfoA.KERNEL32(?,00001004,?,00000006), ref: 00E6142A
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: InfoLocale
                                                              • String ID:
                                                              • API String ID: 2299586839-0
                                                              • Opcode ID: f6695bf670dcb5980dc817b5f7f841586b605e9791ffe572b45c349e6c4ee7b0
                                                              • Instruction ID: 5e70f1cb157c765db2fcc39233acf8ef36afccd65c4928f707d17fdc413f285e
                                                              • Opcode Fuzzy Hash: f6695bf670dcb5980dc817b5f7f841586b605e9791ffe572b45c349e6c4ee7b0
                                                              • Instruction Fuzzy Hash: 0FE08C30A00248BFDF11DFA6E805B9EBBFD9B04740F4040A4FA04EB140EAB19A088B61
                                                              APIs
                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0000CF5C), ref: 00E5CFA3
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled
                                                              • String ID:
                                                              • API String ID: 3192549508-0
                                                              • Opcode ID: 92f4b3ac13cebe131af406f2348f3b0012ed25a7063f331602ae18d679347743
                                                              • Instruction ID: b76f56b0fd115c5cfda6ffc0018f211227708652722b23aa638be02751885a29
                                                              • Opcode Fuzzy Hash: 92f4b3ac13cebe131af406f2348f3b0012ed25a7063f331602ae18d679347743
                                                              • Instruction Fuzzy Hash: 9B9002603527008E8A4017717C1940669E56B4C647B519854E657E4094DBA14048A571
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: HeapProcess
                                                              • String ID:
                                                              • API String ID: 54951025-0
                                                              • Opcode ID: 1eee16a5a7116426dc4dd53daaab69654351c398adee3a103e6aabcdc6f67d0e
                                                              • Instruction ID: 8938a914c91f47212b08af3e120bce396a91bdbaaa05755e5db10bdc72a1b4e4
                                                              • Opcode Fuzzy Hash: 1eee16a5a7116426dc4dd53daaab69654351c398adee3a103e6aabcdc6f67d0e
                                                              • Instruction Fuzzy Hash: 98C0127048A6408EC38A9B22BD0A2073FA063223CAF00688AE585762A0CBF0004CCB20

                                                              APIs
                                                              • lstrlenW.KERNEL32(00000000), ref: 00E54D5C
                                                              • CharNextW.USER32(?,00000000,00000000), ref: 00E54E61
                                                              • CharNextW.USER32 ref: 00E54E78
                                                              • CharNextW.USER32 ref: 00E54E8F
                                                              • CharNextW.USER32 ref: 00E54EA6
                                                                • Part of subcall function 00E552A0: CoTaskMemFree.OLE32(?,00000000,?,00E55159,00000000,00000000), ref: 00E552AE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CharNext$FreeTasklstrlen
                                                              • String ID: HKCR$'
                                                              • API String ID: 1034012546-1395910290
                                                              • Opcode ID: f158a5a654a3b378a7980b8735e42f269fef4f6a132e6adb5b6b615004a16aec
                                                              • Instruction ID: 7b8ab7dba69ee34323f1104961706096f249c5d6742e697cfbd0e9bc226da116
                                                              • Opcode Fuzzy Hash: f158a5a654a3b378a7980b8735e42f269fef4f6a132e6adb5b6b615004a16aec
                                                              • Instruction Fuzzy Hash: 0BD16175A00619DFCB14DF64C890BEEBBB1BF49309F105598E919BB281DB74AD88CF90

                                                              APIs
                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00E5131E
                                                                • Part of subcall function 00E510F0: _DebugHeapAllocator.LIBCPMTD ref: 00E510FB
                                                                • Part of subcall function 00E510F0: PathRemoveFileSpecW.SHLWAPI(00000000,00000104,?), ref: 00E5110E
                                                                • Part of subcall function 00E510F0: _DebugHeapAllocator.LIBCPMTD ref: 00E51125
                                                              • _memset.LIBCMT ref: 00E51337
                                                              • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00E51373
                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E51382
                                                              • CloseHandle.KERNEL32(?), ref: 00E5138C
                                                              • CloseHandle.KERNEL32(?), ref: 00E51396
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocatorDebugHeap$CloseHandle$CreateFileObjectPathProcessRemoveSingleSpecWait_memset
                                                              • String ID: "%s" %s$D
                                                              • API String ID: 384612222-3971972636
                                                              • Opcode ID: fe0e098aabc6d263c6cc5fd58cc7fab1e9bc453476fa1269b7f9c74e9e6c93d6
                                                              • Instruction ID: 6856ba2298b39c1db96df7880d2fbf6e8f433785b9f81ef1c3bd7e77932b427d
                                                              • Opcode Fuzzy Hash: fe0e098aabc6d263c6cc5fd58cc7fab1e9bc453476fa1269b7f9c74e9e6c93d6
                                                              • Instruction Fuzzy Hash: 892132B5900208ABCB04EFE4DC46EEE77B8AF54381F105559BA1A7B191EB746B0CCB61

                                                              APIs
                                                                • Part of subcall function 00E54A00: CharNextW.USER32(?,?,?H,?,00E54AB1,00E5483F,?,00000000,00000000,?,00E5466D), ref: 00E54A22
                                                              • CharNextW.USER32(?,00E5483F,?,00000000,00000000,?,00E5466D), ref: 00E54AEC
                                                              • CharNextW.USER32(00000000,?,00E5483F,?,00000000,00000000), ref: 00E54B2A
                                                              • CharNextW.USER32(?H,?,00E5483F,?,00000000,00000000,?,00E5466D), ref: 00E54B43
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CharNext
                                                              • String ID: ?H$mF
                                                              • API String ID: 3213498283-3243308245
                                                              • Opcode ID: 03d67691edfc396d9ab17fc3ed0c6d159874ec41b6dd750fa4c5b981673bf06a
                                                              • Instruction ID: 2596088c4272067b2af6236ded6d05d8584ffd89df5afe076be724939a35094a
                                                              • Opcode Fuzzy Hash: 03d67691edfc396d9ab17fc3ed0c6d159874ec41b6dd750fa4c5b981673bf06a
                                                              • Instruction Fuzzy Hash: 20710974A01219DFDF44CF94C890AAEB7F2FF89309B209559E905BB394D734A985CF90

                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_7_2_e50000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Strings
                                                              Similarity
                                                              • API ID: task
                                                              • String ID: $q$Module$Module_Raw
                                                              • API String ID: 1384045349-2628020214
                                                              Strings
                                                              Similarity
                                                              • API ID: task
                                                              • String ID: $q$Module$Module_Raw
                                                              • API String ID: 1384045349-2628020214
                                                              APIs
                                                              • __getptd.LIBCMT ref: 00E5D9FD
                                                                • Part of subcall function 00E5C125: __getptd_noexit.LIBCMT ref: 00E5C128
                                                                • Part of subcall function 00E5C125: __amsg_exit.LIBCMT ref: 00E5C135
                                                              • __amsg_exit.LIBCMT ref: 00E5DA1D
                                                              • __lock.LIBCMT ref: 00E5DA2D
                                                              • InterlockedDecrement.KERNEL32(?), ref: 00E5DA4A
                                                              • InterlockedIncrement.KERNEL32(00E32D00), ref: 00E5DA75
                                                              Strings
                                                              Similarity
                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                              • String ID: Pe
                                                              • API String ID: 4271482742-2264585532
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: __calloc_crt
                                                              • String ID: @}$\0$k
                                                              • API String ID: 3494438863-3452477248
                                                              APIs
                                                              • __lock.LIBCMT ref: 00E57FAF
                                                                • Part of subcall function 00E5B365: __mtinitlocknum.LIBCMT ref: 00E5B37B
                                                                • Part of subcall function 00E5B365: __amsg_exit.LIBCMT ref: 00E5B387
                                                                • Part of subcall function 00E5B365: EnterCriticalSection.KERNEL32(-0000000F,-0000000F,?,00E5F7DF,00000004,00E648B8,0000000C,00E5C456,00000000,00000000,00000000,00000000,00000000,?,00E5C0D7,00000001), ref: 00E5B38F
                                                              • ___sbh_find_block.LIBCMT ref: 00E57FBA
                                                              • ___sbh_free_block.LIBCMT ref: 00E57FC9
                                                              • HeapFree.KERNEL32(00000000,00000000,00E64620,0000000C,00E5B346,00000000,00E646E8,0000000C,00E5B380,00000000,-0000000F,?,00E5F7DF,00000004,00E648B8,0000000C), ref: 00E57FF9
                                                              • GetLastError.KERNEL32(?,00E5F7DF,00000004,00E648B8,0000000C,00E5C456,00000000,00000000,00000000,00000000,00000000,?,00E5C0D7,00000001,00000214), ref: 00E5800A
                                                              Similarity
                                                              • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                              • String ID:
                                                              • API String ID: 2714421763-0
                                                              APIs
                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00E5F53F
                                                              • __isleadbyte_l.LIBCMT ref: 00E5F573
                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00E57D10,?,00000000,00000000,?,?,?,?,00E57D10,00000000,?), ref: 00E5F5A4
                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00E57D10,00000001,00000000,00000000,?,?,?,?,00E57D10,00000000,?), ref: 00E5F612
                                                              Similarity
                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                              • String ID:
                                                              • API String ID: 3058430110-0
                                                              APIs
                                                                • Part of subcall function 00E56890: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E568BC
                                                              • lstrcmpiW.KERNEL32(00000000,00E6245C,00000000,?,00E54951,?,00000000,00000000,00000000,?), ref: 00E5562E
                                                              • lstrcmpiW.KERNEL32(00000000,00E62428,?,00E54951,?,00000000,00000000,00000000,?), ref: 00E5564C
                                                              • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00E55CA0
                                                                • Part of subcall function 00E56840: lstrcmpiW.KERNEL32(00000000,?,00000000), ref: 00E56870
                                                              • lstrlenW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00E55D16
                                                                • Part of subcall function 00E55FE0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00E55FFC
                                                              Strings
                                                              Similarity
                                                              • API ID: lstrcmpi$Iterator_baseIterator_base::_std::_$InfoQuerylstrlen
                                                              • String ID: ($$\$
                                                              • API String ID: 130590674-2150133725
                                                              APIs
                                                              • _malloc.LIBCMT ref: 00E57F46
                                                                • Part of subcall function 00E58529: __FF_MSGBANNER.LIBCMT ref: 00E5854C
                                                                • Part of subcall function 00E58529: __NMSG_WRITE.LIBCMT ref: 00E58553
                                                                • Part of subcall function 00E58529: HeapAlloc.KERNEL32(00000000,-0000000F,00000001,00000000,00000000,?,00E5C40C,00000000,00000001,00000000,?,00E5B2EF,00000018,00E646E8,0000000C,00E5B380), ref: 00E585A0
                                                              • std::bad_alloc::bad_alloc.LIBCMT ref: 00E57F69
                                                                • Part of subcall function 00E57EC2: std::exception::exception.LIBCMT ref: 00E57ECE
                                                              • std::bad_exception::bad_exception.LIBCMT ref: 00E57F7D
                                                              • __CxxThrowException@8.LIBCMT ref: 00E57F8B
                                                              Similarity
                                                              • API ID: AllocException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                              • String ID:
                                                              • API String ID: 3622535130-0
                                                              APIs
                                                              • __getptd.LIBCMT ref: 00E5E169
                                                                • Part of subcall function 00E5C125: __getptd_noexit.LIBCMT ref: 00E5C128
                                                                • Part of subcall function 00E5C125: __amsg_exit.LIBCMT ref: 00E5C135
                                                              • __getptd.LIBCMT ref: 00E5E180
                                                              • __amsg_exit.LIBCMT ref: 00E5E18E
                                                              • __lock.LIBCMT ref: 00E5E19E
                                                              Similarity
                                                              • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                              • String ID:
                                                              • API String ID: 3521780317-0
                                                              APIs
                                                              • CoTaskMemFree.OLE32(00000000,00000000,00000000,?,00E5466D), ref: 00E54970
                                                              Strings
                                                              Similarity
                                                              • API ID: FreeTask
                                                              • String ID: mF$mF
                                                              • API String ID: 734271698-4283146371
                                                              APIs
                                                              Strings
                                                              Similarity
                                                              • API ID: _wmemcpy_s
                                                              • String ID: s*$s*
                                                              • API String ID: 67063488-1714473704
                                                              APIs
                                                              • GetCurrentThreadId.KERNEL32 ref: 00E52FEB
                                                              • std::exception::exception.LIBCMTD ref: 00E53017
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Similarity
                                                              • API ID: CurrentThreadstd::exception::exception
                                                              • String ID: +.
                                                              • API String ID: 3968200651-1156439006
                                                              • Opcode ID: 7ecd1dcb91f9dd24ed2bc93d8bb5d6320ace606a2ef78fcb65a71c88f28cec98
                                                              • Instruction ID: aee942b975b400efd39b6caf76a30da16b9d0d1759cefea0889cbbbbbd0d14b6
                                                              • Opcode Fuzzy Hash: 7ecd1dcb91f9dd24ed2bc93d8bb5d6320ace606a2ef78fcb65a71c88f28cec98
                                                              • Instruction Fuzzy Hash: 5D11E674E04209EFCB04DFA4D884B9EB7B0FB08345F20A599E815AB381C7759E48CB90
                                                              APIs
                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00E52E70
                                                                • Part of subcall function 00E52F20: _wmemcpy_s.LIBCPMTD ref: 00E52F4E
                                                                • Part of subcall function 00E52F20: _wmemcpy_s.LIBCPMTD ref: 00E52F6C
                                                              • _DebugHeapAllocator.LIBCPMTD ref: 00E52EAC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Similarity
                                                              • API ID: AllocatorDebugHeap_wmemcpy_s
                                                              • String ID: .-
                                                              • API String ID: 3174225033-2662923072
                                                              • Opcode ID: 16a2a6fd9a51adc1d1eef7e445877490a929127056be199216027e13f3a2db70
                                                              • Instruction ID: 10de6165d2e992a82110e7065014ad6b85129deeab00a10a3355032e445112a2
                                                              • Opcode Fuzzy Hash: 16a2a6fd9a51adc1d1eef7e445877490a929127056be199216027e13f3a2db70
                                                              • Instruction Fuzzy Hash: 7FF01D71500008BBCB05FF54ED52E9E33ADAF44351B105998BC1AB7152EF30BE18CA64
                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,00E54636,?,?), ref: 00E53E74
                                                              • _HRESULT_FROM_WIN32.LIBCMTD ref: 00E53E81
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000007.00000002.1902654688.0000000000E51000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E50000, based on PE: true
                                                              • Associated: 00000007.00000002.1902638524.0000000000E50000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902678949.0000000000E62000.00000002.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902696440.0000000000E66000.00000004.00000001.01000000.00000008.sdmp
                                                              • Associated: 00000007.00000002.1902713254.0000000000E69000.00000002.00000001.01000000.00000008.sdmp
                                                              Similarity
                                                              • API ID: ErrorLast
                                                              • String ID: 6F
                                                              • API String ID: 1452528299-571430657
                                                              • Opcode ID: 5d286d61b95002287bb6e7f28f85f2af96f5bd908e5565a186be0356c77478cd
                                                              • Instruction ID: a33bdd151987658cf381daf5c379650d42acb953906bdacb722954729465a0e6
                                                              • Opcode Fuzzy Hash: 5d286d61b95002287bb6e7f28f85f2af96f5bd908e5565a186be0356c77478cd
                                                              • Instruction Fuzzy Hash: FAC012B5D00208AB8A00DBB5A90540AB7BC9604251B000595ED08A3201E5329A148791

                                                              Execution Graph

                                                              Execution Coverage:4.2%
                                                              Dynamic/Decrypted Code Coverage:0%
                                                              Signature Coverage:0.4%
                                                              Total number of Nodes:1928
                                                              Total number of Limit Nodes:44
64365->64366 64367 f8aa50 64366->64367 64913 f8a140 64367->64913 64369 f8aa59 64370 f885c0 27 API calls 64369->64370 64371 f8aa6b 64370->64371 64371->64227 64373 6f831b10 57 API calls 64372->64373 64374 6f836ffd 64373->64374 65037 6f8334a0 64374->65037 64376 f9d569 LoadMenuW 64377 f9f710 GetSubMenu 64376->64377 64377->64231 64379 f875c0 45 API calls 64378->64379 64380 f9e25d 64379->64380 64381 f875c0 45 API calls 64380->64381 64382 f9e271 64381->64382 65045 f89de0 64382->65045 64387 f875c0 45 API calls 64388 f9e2a2 64387->64388 64389 f875c0 45 API calls 64388->64389 64390 f9e2b6 64389->64390 64391 f89de0 46 API calls 64390->64391 64392 f9e2c6 64391->64392 64393 f873f0 35 API calls 64392->64393 64394 f9e2d6 64393->64394 64395 f8dda0 27 API calls 64394->64395 64396 f9e2e6 64395->64396 64397 f875c0 45 API calls 64396->64397 64398 f9e325 64397->64398 64399 f875c0 45 API calls 64398->64399 64400 f9e339 64399->64400 64401 f89de0 46 API calls 64400->64401 64402 f9e349 64401->64402 64403 f873f0 35 API calls 64402->64403 64404 f9e359 64403->64404 64405 f8dda0 27 API calls 64404->64405 64406 f9e369 64405->64406 64407 f875c0 45 API calls 64406->64407 64408 f9e39e 64407->64408 64409 f875c0 45 API calls 64408->64409 64410 f9e3b2 64409->64410 64411 f89de0 46 API calls 64410->64411 64412 f9e3bf 64411->64412 64413 f8dda0 27 API calls 64412->64413 64414 f9e3cc 64413->64414 64415 f875c0 45 API calls 64414->64415 64416 f9e3de 64415->64416 64417 f875c0 45 API calls 64416->64417 64418 f9e3f2 64417->64418 64419 f89de0 46 API calls 64418->64419 64420 f9e3ff 64419->64420 64421 f8dda0 27 API calls 64420->64421 64422 f9d5c6 64421->64422 64423 f9e430 RemoveMenu RemoveMenu RemoveMenu RemoveMenu 64422->64423 64424 f875c0 45 API calls 64423->64424 64425 f9e4a0 64424->64425 64426 f875c0 45 API calls 64425->64426 64427 f9e4b7 64426->64427 64428 f875c0 45 API calls 64427->64428 64429 f9e4c8 64428->64429 64430 f8c0d0 45 API calls 64429->64430 64431 f9e4d7 64430->64431 64432 f9e4fd 64431->64432 
64433 f9e5e6 64431->64433 64434 f875c0 45 API calls 64432->64434 64435 f875c0 45 API calls 64433->64435 64436 f9e502 64434->64436 64437 f9e5eb 64435->64437 65062 f8de60 27 API calls ___scrt_fastfail 64436->65062 65066 f8de60 27 API calls ___scrt_fastfail 64437->65066 64440 f9e5f8 64442 f875c0 45 API calls 64440->64442 64441 f9e50f 64443 f875c0 45 API calls 64441->64443 64444 f9e612 64442->64444 64445 f9e529 64443->64445 64446 f875c0 45 API calls 64444->64446 64447 f875c0 45 API calls 64445->64447 64448 f9e623 64446->64448 64449 f9e53a 64447->64449 64450 f89de0 46 API calls 64448->64450 64451 f89de0 46 API calls 64449->64451 64452 f9e62d 64450->64452 64453 f9e544 64451->64453 65067 f8de60 27 API calls ___scrt_fastfail 64452->65067 65063 f8de60 27 API calls ___scrt_fastfail 64453->65063 64456 f9e551 64457 f875c0 45 API calls 64456->64457 64458 f9e563 64457->64458 64459 f875c0 45 API calls 64458->64459 64460 f9e574 64459->64460 64461 f89de0 46 API calls 64460->64461 64462 f9e581 64461->64462 65064 f91330 26 API calls 3 library calls 64462->65064 64464 f9e595 65065 f8de60 27 API calls ___scrt_fastfail 64464->65065 64466 f9d5cd LoadIconW 64467 f9fb00 64466->64467 64468 f9fb5f 64467->64468 64469 f9fb2f 64467->64469 64471 f9fb6a ___scrt_fastfail 64468->64471 64472 f9fc55 64468->64472 65068 fa0030 64469->65068 64476 f9fb83 SetLastError 64471->64476 64474 fa0347 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 64472->64474 64477 f9fc68 64474->64477 65097 f9f8d0 64476->65097 64477->64239 64480 f9fc3c 64482 fa0347 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 64480->64482 64481 f9fbdc 64483 f9fbee 64481->64483 64484 f9fbe7 DestroyIcon 64481->64484 64485 f9fc4f 64482->64485 64486 f9fbf9 64483->64486 64487 f9fc1e 64483->64487 64484->64483 64485->64239 64488 f87bc0 26 API calls 64486->64488 64491 f87bc0 26 API calls 64487->64491 64489 f9fc05 64488->64489 64490 fa0347 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API 
calls 64489->64490 64492 f9fc18 64490->64492 64491->64480 64492->64239 64494 f875c0 45 API calls 64493->64494 64495 f9d908 64494->64495 64496 f875c0 45 API calls 64495->64496 64497 f9d91c 64496->64497 65176 f8c3c0 64497->65176 64500 f9d9c3 64501 f875c0 45 API calls 64500->64501 64503 f9d9da 64501->64503 64502 f875c0 45 API calls 64504 f9d94e 64502->64504 64505 f875c0 45 API calls 64503->64505 64506 f875c0 45 API calls 64504->64506 64507 f9d9ee 64505->64507 64508 f9d962 64506->64508 64509 f8c3c0 44 API calls 64507->64509 64510 f8c3c0 44 API calls 64508->64510 64511 f9d9ff 64509->64511 64512 f9d970 64510->64512 64513 f9da93 64511->64513 64515 f875c0 45 API calls 64511->64515 64514 f875c0 45 API calls 64512->64514 64516 f875c0 45 API calls 64513->64516 64517 f9d984 64514->64517 64518 f9da1a 64515->64518 64519 f9daab 64516->64519 64520 f875c0 45 API calls 64517->64520 64521 f875c0 45 API calls 64518->64521 64522 f875c0 45 API calls 64519->64522 64523 f9d998 64520->64523 64524 f9da2e 64521->64524 64525 f9dabf 64522->64525 64526 f8c3c0 44 API calls 64523->64526 64527 f8c3c0 44 API calls 64524->64527 64528 f8c3c0 44 API calls 64525->64528 64529 f9d9a6 RegisterHotKey 64526->64529 64530 f9da3c 64527->64530 64531 f9dacd 64528->64531 64529->64500 64533 f875c0 45 API calls 64530->64533 64534 f9db63 64531->64534 64536 f875c0 45 API calls 64531->64536 64535 f9da50 64533->64535 64539 f875c0 45 API calls 64534->64539 64542 f9d5f2 64534->64542 64537 f875c0 45 API calls 64535->64537 64538 f9dae8 64536->64538 64540 f9da64 64537->64540 64541 f875c0 45 API calls 64538->64541 64543 f9db9b 64539->64543 64544 f8c3c0 44 API calls 64540->64544 64545 f9dafc 64541->64545 64617 f9f460 64542->64617 64546 f875c0 45 API calls 64543->64546 64547 f9da72 RegisterHotKey 64544->64547 64548 f8c3c0 44 API calls 64545->64548 64549 f9dbaf 64546->64549 64547->64513 64551 f9db0a 64548->64551 64552 f89de0 46 API calls 64549->64552 64553 f875c0 45 API calls 64551->64553 64554 f9dbbf 64552->64554 64555 f9db1e 
64553->64555 64556 f873f0 35 API calls 64554->64556 64557 f875c0 45 API calls 64555->64557 64558 f9dbd0 64556->64558 64559 f9db32 64557->64559 64561 f9dbfa 64558->64561 64562 f9dc72 64558->64562 64560 f8c3c0 44 API calls 64559->64560 64564 f9db40 RegisterHotKey 64560->64564 64565 f875c0 45 API calls 64561->64565 64563 f875c0 45 API calls 64562->64563 64567 f9dc61 64563->64567 64564->64534 64566 f9dc0f 64565->64566 64569 f875c0 45 API calls 64566->64569 65196 f87c70 26 API calls 64567->65196 64570 f9dc20 64569->64570 64572 f89de0 46 API calls 64570->64572 64573 f9dc2d 64572->64573 65195 f87320 35 API calls 64573->65195 64575 f9dc46 64576 f873f0 35 API calls 64575->64576 64576->64567 64577 f9dc9c 64578 f9dd58 64577->64578 64579 f9ddd2 64577->64579 64580 f875c0 45 API calls 64578->64580 64581 f875c0 45 API calls 64579->64581 64582 f9dd6d 64580->64582 64583 f9ddc0 64581->64583 64584 f875c0 45 API calls 64582->64584 65198 f87c70 26 API calls 64583->65198 64585 f9dd7e 64584->64585 64587 f89de0 46 API calls 64585->64587 64588 f9dd8b 64587->64588 65197 f87320 35 API calls 64588->65197 64590 f9dda3 64591 f873f0 35 API calls 64590->64591 64591->64583 64592 f9debf 64595 f875c0 45 API calls 64592->64595 64593 f9df42 64596 f875c0 45 API calls 64593->64596 64594 f9ddfd 64594->64592 64594->64593 64597 f9ded4 64595->64597 64598 f9df2d 64596->64598 64599 f875c0 45 API calls 64597->64599 65200 f87c70 26 API calls 64598->65200 64600 f9dee5 64599->64600 64602 f89de0 46 API calls 64600->64602 64603 f9def2 64602->64603 65199 f87320 35 API calls 64603->65199 64605 f9df0d 64606 f873f0 35 API calls 64605->64606 64606->64598 64607 f875c0 45 API calls 64609 f9e03c 64607->64609 64608 f9df6d 64608->64607 64610 f875c0 45 API calls 64609->64610 64611 f9e04d 64610->64611 64612 f89de0 46 API calls 64611->64612 64613 f9e05a 64612->64613 65201 f87c70 26 API calls 64613->65201 64615 f9e06c 65202 f9fd10 64615->65202 64618 f86c60 35 API calls 64617->64618 64619 f9f49c 64618->64619 64620 f9f5e0 
64619->64620 64621 f9f4d4 64619->64621 64623 f87bc0 26 API calls 64620->64623 64622 f875c0 45 API calls 64621->64622 64624 f9f4e4 64622->64624 64625 f9d5fd 64623->64625 64626 f875c0 45 API calls 64624->64626 64649 f9fdd0 64625->64649 64627 f9f4f8 64626->64627 64628 f8c3c0 44 API calls 64627->64628 64629 f9f503 64628->64629 64630 f875c0 45 API calls 64629->64630 64631 f9f517 64630->64631 64632 f875c0 45 API calls 64631->64632 64633 f9f52b 64632->64633 64634 f8c3c0 44 API calls 64633->64634 64635 f9f536 64634->64635 65211 f94e10 123 API calls 64635->65211 64638 f9f552 64639 f875c0 45 API calls 64638->64639 64640 f9f568 64639->64640 64641 f875c0 45 API calls 64640->64641 64642 f9f579 64641->64642 64643 f89de0 46 API calls 64642->64643 64644 f9f586 64643->64644 64645 f885c0 27 API calls 64644->64645 64646 f9f592 64645->64646 65212 f91330 26 API calls 3 library calls 64646->65212 64648 f9f5c2 64648->64625 64650 f9fe59 64649->64650 64653 f9fdf5 ___scrt_fastfail 64649->64653 64651 fa0347 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 64650->64651 64652 f9fe6b 64651->64652 64652->64245 64654 f9fe36 Shell_NotifyIconW 64653->64654 64655 fa0347 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 64654->64655 64656 f9fe53 64655->64656 64656->64245 64658 f875c0 45 API calls 64657->64658 64659 f9d818 64658->64659 64660 f875c0 45 API calls 64659->64660 64661 f9d82c 64660->64661 64662 f8c3c0 44 API calls 64661->64662 64663 f9d83d 64662->64663 64665 f9f460 123 API calls 64663->64665 64671 f9d85f 64663->64671 64664 f875c0 45 API calls 64667 f9d88a 64664->64667 64666 f9d850 64665->64666 64668 f9fd10 6 API calls 64666->64668 64669 f875c0 45 API calls 64667->64669 64668->64671 64670 f9d89e 64669->64670 65213 f8cac0 64670->65213 64671->64664 64674 f9c430 115 API calls 64674->64249 64675->64272 64676->64274 64678 f87bd9 64677->64678 64679 f87bce 64677->64679 64680 f87c23 64678->64680 64681 f87c25 64678->64681 64682 f87c16 64678->64682 
64679->64274 64680->64274 64686 f86f20 64681->64686 64685 f87d40 20 API calls 2 library calls 64682->64685 64685->64680 64687 f86f2e 64686->64687 64688 f86f34 64686->64688 64687->64680 64689 f86f38 64688->64689 64693 f86f51 ___scrt_fastfail 64688->64693 64706 faa4e5 20 API calls __dosmaperr 64689->64706 64691 f86f3d 64707 faa011 26 API calls __cftof 64691->64707 64692 f86f5d 64692->64680 64693->64692 64695 f86f99 64693->64695 64696 f86f7f 64693->64696 64699 f86f8f 64695->64699 64710 faa4e5 20 API calls __dosmaperr 64695->64710 64708 faa4e5 20 API calls __dosmaperr 64696->64708 64697 f86f48 64697->64680 64699->64680 64700 f86f84 64709 faa011 26 API calls __cftof 64700->64709 64703 f86fa2 64711 faa011 26 API calls __cftof 64703->64711 64705 f86fad 64705->64680 64706->64691 64707->64697 64708->64700 64709->64699 64710->64703 64711->64705 64713 f885d8 64712->64713 64716 f88620 64712->64716 64714 f88615 64713->64714 64717 f885e8 64713->64717 64715 f87bc0 26 API calls 64714->64715 64715->64716 64716->64281 64718 f88604 64717->64718 64720 f86b50 64717->64720 64718->64281 64721 f86b5a RtlFreeHeap 64720->64721 64722 f86b66 64720->64722 64721->64722 64722->64718 64726 f86c60 35 API calls 64725->64726 64727 f8f364 64726->64727 64729 f86c60 35 API calls 64727->64729 64730 f8f53c 64727->64730 64738 f8f567 64727->64738 64745 f8ff40 26 API calls 64727->64745 64753 f8bf50 64727->64753 64763 f8c000 RegQueryValueExW 64727->64763 64765 f8f0b0 64727->64765 64795 f90010 50 API calls 64727->64795 64729->64727 64775 f89a70 64730->64775 64732 f8f551 64780 f8ba80 64732->64780 64737 f86c60 35 API calls 64737->64738 64739 f8f5b6 64738->64739 64741 f8f59c 64738->64741 64798 f8f1e0 64739->64798 64796 f87190 9 API calls 64741->64796 64744 f8f5b4 64786 f8fed0 64744->64786 64745->64727 64746 f8f5a6 64746->64744 64797 f87a20 32 API calls 64746->64797 64748 f8f5cb 64750 f8f60e RegCloseKey 64748->64750 64751 f8f2a0 64748->64751 64750->64751 64751->64301 64752 f87730 26 API calls 64751->64752 
64752->64301 64754 f8bf6a 64753->64754 64755 f8bfb7 RegOpenKeyExW 64753->64755 64756 f8bfaa 64754->64756 64757 f8bf6f GetModuleHandleW 64754->64757 64758 f8bfb0 64755->64758 64756->64755 64756->64758 64759 f8bf7e 64757->64759 64760 f8bf85 GetProcAddress 64757->64760 64761 f8bfe5 64758->64761 64762 f8bfd6 RegCloseKey 64758->64762 64759->64758 64760->64758 64760->64759 64761->64727 64762->64761 64764 f8c032 64763->64764 64764->64727 64766 f86c60 35 API calls 64765->64766 64768 f8f0df 64766->64768 64767 f8f127 64769 f8f1e0 28 API calls 64767->64769 64768->64767 64770 f8f10e 64768->64770 64771 f8f125 64769->64771 64805 f87190 9 API calls 64770->64805 64771->64727 64773 f8f118 64773->64771 64806 f87a20 32 API calls 64773->64806 64777 f89a8a 64775->64777 64776 f89a99 64776->64732 64777->64776 64778 f86f20 26 API calls 64777->64778 64779 f89ad0 64778->64779 64779->64732 64781 f8bacf 64780->64781 64782 f8bac6 64780->64782 64807 f8b990 64781->64807 64818 f87730 26 API calls 64782->64818 64787 f8fef0 64786->64787 64789 f8ff04 64786->64789 64788 f89a70 26 API calls 64787->64788 64790 f8fef9 64788->64790 64791 f86c60 35 API calls 64789->64791 64792 f8ff19 64789->64792 64790->64748 64791->64792 64827 f8e460 64792->64827 64795->64727 64796->64746 64797->64744 64799 f8f1ef WideCharToMultiByte 64798->64799 64800 f8f253 64798->64800 64799->64800 64801 f8f20b 64799->64801 64800->64744 64802 f8f226 WideCharToMultiByte 64801->64802 64849 f87e10 26 API calls 64801->64849 64804 f8f241 64802->64804 64804->64744 64805->64773 64806->64771 64808 f86c60 35 API calls 64807->64808 64809 f8b9d7 64808->64809 64819 f8b820 CryptAcquireContextW 64809->64819 64813 f8ba31 64814 f885c0 27 API calls 64813->64814 64815 f8ba40 64814->64815 64816 fa0347 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 64815->64816 64817 f8ba78 64816->64817 64817->64737 64818->64781 64820 f8b8a9 64819->64820 64821 f8b845 CryptCreateHash 64819->64821 64826 f8b8b0 59 API calls 64820->64826 64822 f8b89b 
CryptReleaseContext 64821->64822 64823 f8b862 CryptHashData 64821->64823 64822->64820 64824 f8b892 CryptDestroyHash 64823->64824 64825 f8b875 CryptGetHashParam 64823->64825 64824->64822 64825->64824 64826->64813 64828 f8e46e 64827->64828 64829 f8e4b5 64827->64829 64828->64829 64834 f86d10 64828->64834 64831 f86f20 26 API calls 64832 f8e4aa 64831->64832 64832->64748 64835 f86d1d 64834->64835 64836 f86d24 64834->64836 64835->64829 64835->64831 64836->64835 64839 f86a80 64836->64839 64848 f86b30 RtlAllocateHeap 64836->64848 64840 f86b16 64839->64840 64842 f86a90 64839->64842 64840->64835 64841 f86a95 64841->64835 64842->64841 64844 f86b1a RaiseException 64842->64844 64845 f86ab8 UnregisterClassW 64842->64845 64847 f86acf 64842->64847 64843 f86aed DeleteCriticalSection 64843->64840 64846 f86b30 RtlAllocateHeap 64844->64846 64845->64842 64845->64847 64846->64835 64847->64843 64848->64835 64849->64802 64850->64312 64852 f86f0a 64851->64852 64854 f8beff RegCreateKeyExW 64853->64854 64855 f8beef 64853->64855 64857 f8bf18 64854->64857 64867 f8be20 GetModuleHandleW GetProcAddress RegCreateKeyExW 64855->64867 64859 f8bf33 64857->64859 64860 f8bf24 RegCloseKey 64857->64860 64858 f8befd 64858->64857 64859->64339 64860->64859 64862 f8d293 64861->64862 64868 f8d130 RegQueryValueExW 64862->64868 64864 f8d2a1 64865 f8d2e5 64864->64865 64866 f8d2bb RegSetValueExW 64864->64866 64865->64350 64866->64865 64867->64858 64869 f8d1e2 64868->64869 64871 f8d17f ___InternalCxxFrameHandler 64868->64871 64869->64864 64870 f8d1ca RegQueryValueExW 64870->64869 64871->64870 64890 f8d5b0 64872->64890 64874 f8d92b 64875 f8d93b 64874->64875 64876 f8d9a0 64874->64876 64878 f875c0 45 API calls 64875->64878 64877 f875c0 45 API calls 64876->64877 64883 f8d958 64877->64883 64879 f8d944 64878->64879 64905 f8e3d0 PathRemoveFileSpecW 64879->64905 64881 f8d950 64906 f8add0 PathAddBackslashW 64881->64906 64883->64354 64885 f87436 64884->64885 64886 f86c60 35 API calls 64885->64886 64887 f87446 64885->64887 
64886->64887 64907 f87840 64887->64907 64889 f874a2 PathFileExistsW 64889->64357 64889->64358 64891 f86c60 35 API calls 64890->64891 64892 f8d5f5 64891->64892 64893 f8d60a SetLastError 64892->64893 64894 f8d643 GetModuleFileNameW 64893->64894 64895 f8d633 64893->64895 64896 f8d65a GetLastError 64894->64896 64897 f8d665 64894->64897 64895->64894 64896->64897 64901 f8d6a1 64896->64901 64898 f8d690 GetModuleFileNameW 64897->64898 64899 f8d680 64897->64899 64898->64901 64899->64898 64900 f8d6cf 64903 f875c0 45 API calls 64900->64903 64901->64900 64902 f8d6aa GetLastError 64901->64902 64902->64900 64904 f8d6b5 64902->64904 64903->64904 64904->64874 64905->64881 64906->64883 64908 f87858 64907->64908 64909 f8789b 64907->64909 64910 f86f20 26 API calls 64908->64910 64909->64889 64911 f87889 64910->64911 64912 f86f20 26 API calls 64911->64912 64912->64909 64914 f875c0 45 API calls 64913->64914 64915 f8a181 64914->64915 64938 f8a267 64915->64938 64939 f8a030 64915->64939 64916 f86c60 35 API calls 64918 f8a2a8 64916->64918 64922 f8a2bd PathFileExistsW 64918->64922 64919 f8a1a4 64920 f885c0 27 API calls 64919->64920 64921 f8a1b1 PathFileExistsW 64920->64921 64925 f8a1d8 64921->64925 64926 f8a23a 64921->64926 64924 f8a2d0 64922->64924 64935 f8a2f0 64922->64935 64962 f8da30 64924->64962 64929 f875c0 45 API calls 64925->64929 64953 f8a390 64926->64953 64927 f875c0 45 API calls 64937 f8a2fa 64927->64937 64933 f8a1e7 64929->64933 64931 f873f0 35 API calls 64934 f8a256 64931->64934 64933->64369 64967 f8ad50 PathAppendW 64934->64967 64935->64927 64935->64937 64937->64369 64938->64916 64940 f8d8f0 52 API calls 64939->64940 64941 f8a068 64940->64941 64942 f8a078 64941->64942 64943 f8a0aa 64941->64943 64944 f875c0 45 API calls 64942->64944 64945 f875c0 45 API calls 64943->64945 64952 f8a087 64944->64952 64946 f8a0b3 64945->64946 64968 f8ad50 PathAppendW 64946->64968 64948 f8a0c4 64969 f8add0 PathAddBackslashW 64948->64969 64950 f8a0cc 64970 f8ac70 37 API calls 64950->64970 64952->64919 
64954 f875c0 45 API calls 64953->64954 64955 f8a3cc 64954->64955 64956 f875c0 45 API calls 64955->64956 64957 f8a3e3 64956->64957 64958 f875c0 45 API calls 64957->64958 64959 f8a3f4 64958->64959 64971 f8c0d0 64959->64971 64963 f875c0 45 API calls 64962->64963 64964 f8da6b 64963->64964 65000 f8daf0 CreateFileW 64964->65000 64967->64938 64968->64948 64969->64950 64970->64952 64972 f8c138 64971->64972 64973 f8c117 64971->64973 64993 f874c0 64972->64993 64999 f87320 35 API calls 64973->64999 64975 f8c128 64977 f885c0 27 API calls 64975->64977 64977->64972 64979 f8bf50 4 API calls 64980 f8c1a0 64979->64980 64981 f8c1eb RegQueryValueExW 64980->64981 64991 f8c2c1 64980->64991 64982 f8c2fa 64981->64982 64983 f8c211 64981->64983 64984 f8c31c RegCloseKey 64982->64984 64982->64991 64983->64982 64985 f86c60 35 API calls 64983->64985 64984->64991 64988 f8c232 64985->64988 64986 f8c343 RegCloseKey 64987 f8a243 64986->64987 64987->64931 64988->64982 64989 f8c000 RegQueryValueExW 64988->64989 64990 f8c2a8 64988->64990 64989->64988 64990->64991 64992 f8c2b5 RegCloseKey 64990->64992 64991->64986 64991->64987 64992->64991 64994 f87505 64993->64994 64995 f86c60 35 API calls 64994->64995 64996 f87515 64994->64996 64995->64996 64997 f87840 26 API calls 64996->64997 64998 f87559 64997->64998 64998->64979 64999->64975 65001 f8db5e 65000->65001 65004 f8db63 65000->65004 65031 f87210 GetLastError 65001->65031 65003 f8db75 GetFileSize 65005 f8db90 65003->65005 65008 f8db95 65003->65008 65004->65003 65006 f8dd55 65004->65006 65032 f87210 GetLastError 65005->65032 65010 fa0347 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 65006->65010 65025 f8dcfc 65008->65025 65026 f87240 ReadFile 65008->65026 65009 f8dd4e CloseHandle 65009->65006 65011 f8da8c 65010->65011 65011->64935 65013 f8dc1a 65014 f87240 2 API calls 65013->65014 65013->65025 65015 f8dc8a 65014->65015 65016 f86c60 35 API calls 65015->65016 65015->65025 65017 f8dc97 65016->65017 65018 f8e460 31 API calls 
65017->65018 65019 f8dcaa 65018->65019 65020 f8dcc8 65019->65020 65033 f87730 26 API calls 65019->65033 65034 f8e4d0 33 API calls 65020->65034 65023 f8dce7 65035 f87570 26 API calls 65023->65035 65025->65006 65025->65009 65027 f87271 65026->65027 65028 f87265 65026->65028 65027->65013 65036 f87210 GetLastError 65028->65036 65030 f8726a 65030->65013 65031->65004 65032->65008 65033->65020 65034->65023 65035->65025 65036->65030 65038 6f833500 65037->65038 65039 6f8334b8 65037->65039 65038->64376 65040 6f8334f5 65039->65040 65042 6f8334c8 65039->65042 65041 6f831e50 38 API calls 65040->65041 65041->65038 65043 6f8323b0 38 API calls 65042->65043 65044 6f8334cd 65043->65044 65044->64376 65046 f89e29 65045->65046 65055 f89c20 65046->65055 65049 f8dda0 65050 f8dddf ___scrt_fastfail 65049->65050 65051 f8de0e SetMenuItemInfoW 65050->65051 65061 f877c0 26 API calls 65050->65061 65053 f8de39 65051->65053 65053->64387 65054 f8de0b 65054->65051 65056 f89c66 65055->65056 65057 f89d3a 65056->65057 65058 f875c0 45 API calls 65056->65058 65057->65049 65059 f89cbd 65058->65059 65059->65057 65060 f885c0 27 API calls 65059->65060 65060->65057 65061->65054 65062->64441 65063->64456 65064->64464 65065->64466 65066->64440 65067->64466 65069 fa0040 65068->65069 65071 f9fb44 65068->65071 65070 fa0052 EnterCriticalSection 65069->65070 65069->65071 65072 fa0068 65070->65072 65073 fa0152 LeaveCriticalSection 65070->65073 65085 f9ff80 65071->65085 65074 fa00dc LoadCursorW 65072->65074 65075 fa0075 GetClassInfoExW 65072->65075 65073->65071 65076 fa00bc 65074->65076 65075->65076 65077 fa0095 GetClassInfoExW 65075->65077 65079 fa0122 GetClassInfoExW 65076->65079 65105 f9f850 51 API calls ___scrt_initialize_default_local_stdio_options 65076->65105 65077->65076 65078 fa00a8 LeaveCriticalSection 65077->65078 65078->65071 65079->65073 65080 fa0147 65079->65080 65099 f9f890 65080->65099 65082 fa011c 65082->65079 65084 fa014e 65084->65073 65086 f9ffa9 65085->65086 65087 f9ff8d 65085->65087 65088 fa1816 
7 API calls 65086->65088 65089 fa1717 24 API calls 65087->65089 65090 f9ffb5 65088->65090 65091 f9ff92 65089->65091 65092 f9ffa1 65090->65092 65172 f935a0 65090->65172 65091->65086 65093 f9ff99 SetLastError 65091->65093 65092->64468 65093->65092 65095 f9ffc8 CreateWindowExW 65095->64468 65098 f9f8dc Shell_NotifyIconW GetLastError 65097->65098 65098->64480 65098->64481 65100 f9f898 RegisterClassExW 65099->65100 65101 f9f8c2 65099->65101 65102 f9f8b8 65100->65102 65103 f9f8aa 65100->65103 65101->65084 65102->65084 65106 f9fe80 65103->65106 65105->65082 65107 f9fe95 65106->65107 65110 f9fec0 65106->65110 65108 f9fea2 65107->65108 65109 f9fef6 65107->65109 65108->65110 65134 faa3f4 29 API calls 3 library calls 65108->65134 65122 f93600 EnterCriticalSection 65109->65122 65110->65102 65113 f9ff1f 65113->65102 65114 f9ff19 65114->65113 65115 f9ff40 65114->65115 65135 fa1717 GetProcessHeap HeapAlloc 65114->65135 65118 f9ff51 65115->65118 65145 fa1816 65115->65145 65130 fa177b 65118->65130 65120 f9ff59 SetWindowLongW 65121 f9ff71 65120->65121 65121->65102 65123 f93619 GetCurrentThreadId 65122->65123 65124 f93662 LeaveCriticalSection 65122->65124 65125 f93621 65123->65125 65124->65114 65126 f9363f 65125->65126 65127 f9362f LeaveCriticalSection 65125->65127 65128 f9365d 65126->65128 65129 f93646 LeaveCriticalSection 65126->65129 65127->65114 65128->65124 65129->65114 65131 fa1787 65130->65131 65133 fa179f 65130->65133 65131->65133 65152 fa14c3 65131->65152 65133->65120 65134->65110 65136 fa172f 65135->65136 65137 fa1733 65135->65137 65136->65115 65138 fa14c3 5 API calls 65137->65138 65139 fa173e 65138->65139 65140 fa1759 65139->65140 65142 fa174e 65139->65142 65170 fa15d4 15 API calls 65140->65170 65143 fa1766 GetProcessHeap HeapFree 65142->65143 65144 fa1777 65142->65144 65143->65136 65144->65115 65146 fa1821 65145->65146 65151 fa1838 65145->65151 65147 fa183a 65146->65147 65148 fa182d 65146->65148 65146->65151 65150 fa14c3 5 API calls 65147->65150 65171 fa159f 
GetCurrentProcess FlushInstructionCache 65148->65171 65150->65151 65151->65118 65153 fa14e0 LoadLibraryExA 65152->65153 65154 fa14d0 DecodePointer 65152->65154 65155 fa14f9 65153->65155 65156 fa1571 65153->65156 65154->65156 65166 fa1578 GetProcAddress EncodePointer 65155->65166 65156->65133 65158 fa1509 65158->65156 65167 fa1578 GetProcAddress EncodePointer 65158->65167 65160 fa1520 65160->65156 65168 fa1578 GetProcAddress EncodePointer 65160->65168 65162 fa1537 65162->65156 65169 fa1578 GetProcAddress EncodePointer 65162->65169 65164 fa154e 65164->65156 65165 fa1555 DecodePointer 65164->65165 65165->65156 65166->65158 65167->65160 65168->65162 65169->65164 65170->65142 65171->65151 65173 f935e8 RaiseException 65172->65173 65174 f935ac 65172->65174 65174->65173 65175 f935b3 GetCurrentThreadId EnterCriticalSection LeaveCriticalSection 65174->65175 65175->65095 65177 f8c3fe 65176->65177 65179 f8c41f 65176->65179 65210 f87320 35 API calls 65177->65210 65181 f874c0 35 API calls 65179->65181 65180 f8c40f 65182 f885c0 27 API calls 65180->65182 65183 f8c470 65181->65183 65182->65179 65184 f8bf50 4 API calls 65183->65184 65185 f8c487 65184->65185 65186 f8c50a 65185->65186 65187 f8c4d1 RegQueryValueExW 65185->65187 65188 f8c51f RegCloseKey 65186->65188 65189 f8c522 65186->65189 65190 f8c4fb 65187->65190 65191 f8c512 65187->65191 65188->65189 65189->64500 65189->64502 65190->65191 65193 f8c501 65190->65193 65191->65189 65192 f8c516 RegCloseKey 65191->65192 65192->65186 65193->65186 65194 f8c505 RegCloseKey 65193->65194 65194->65186 65195->64575 65196->64577 65197->64590 65198->64594 65199->64605 65200->64608 65201->64615 65203 f9fdb2 65202->65203 65206 f9fd35 ___scrt_fastfail 65202->65206 65204 fa0347 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 65203->65204 65205 f9fdc4 65204->65205 65205->64542 65207 f9fd8f Shell_NotifyIconW 65206->65207 65208 fa0347 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 5 API calls 65207->65208 65209 f9fdac 
                                                              APIs
                                                              • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00F8B83B
                                                              • CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,?), ref: 00F8B856
                                                              • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 00F8B869
                                                              • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000,?,?,00000000), ref: 00F8B88A
                                                              • CryptDestroyHash.ADVAPI32(?,?,?,00000000), ref: 00F8B895
                                                              • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00F8B8A0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Crypt$Hash$Context$AcquireCreateDataDestroyParamRelease
                                                              • String ID:
                                                              • API String ID: 3186506766-0
                                                              • Opcode ID: dd56034fa96887521f841e59b4ac2d8a8d4b71c5db212c4a3dfa2f402d433d6c
                                                              • Instruction ID: 5060ac8eab507211124d77b54578849743001a0b82bec026ea8523eecd64e90c
                                                              • Opcode Fuzzy Hash: dd56034fa96887521f841e59b4ac2d8a8d4b71c5db212c4a3dfa2f402d433d6c
                                                              • Instruction Fuzzy Hash: 2C118835A4121CBBEB216B50DC49F9DBB7CEB08B91F100160FE04F51A0D7715E04AB91

                                                              Control-flow Graph

                                                              APIs
                                                              • RegisterHotKey.USER32(?,00000001,00000000,00000000,?,?,?,?,?,0000014C,75C0F550), ref: 00F9DA8E
                                                                • Part of subcall function 00F8C3C0: RegQueryValueExW.KERNELBASE(00000000,?,00000000,?,00000000,00F88FC4,80000001,00000000,0002001F), ref: 00F8C4F1
                                                                • Part of subcall function 00F8C3C0: RegCloseKey.ADVAPI32(00000000), ref: 00F8C506
                                                                • Part of subcall function 00F8C3C0: RegCloseKey.ADVAPI32(00000000,80000001,00000000,0002001F), ref: 00F8C520
                                                                • Part of subcall function 00F8C3C0: RegCloseKey.ADVAPI32(00000000), ref: 00F8C517
                                                              • RegisterHotKey.USER32(?,00000000,00000000,00000000,?,?,?,0000014C,75C0F550), ref: 00F9D9BE
                                                              • RegisterHotKey.USER32(?,00000002,00000000,00000000,?,?,?,?,?,?,?,0000014C,75C0F550), ref: 00F9DB5C
                                                              Strings
                                                              • Hotkey_savefull_vk, xrefs: 00F9DA5A
                                                              • Hotkey_main_enabled, xrefs: 00F9D912
                                                              • [[screenshot_app.options.hotkeyuploadfullscreen]], xrefs: 00F9DEDB
                                                              • Lightshot, xrefs: 00F9E090
                                                              • Hotkey_main_mod, xrefs: 00F9D958
                                                              • Failed to register the hotkey:, xrefs: 00F9DB83
                                                              • #Hw/, xrefs: 00F9D8D7
                                                              • Hotkey_uploadfull_vk, xrefs: 00F9DB28
                                                              • [[screenshot_app.options.hotkeysavefullscreen]], xrefs: 00F9DD74
                                                              • General hotkey, xrefs: 00F9DC05
                                                              • Hotkey_savefull_mod, xrefs: 00F9DA24
                                                              • Hotkey_uploadfull_mod, xrefs: 00F9DAF2
                                                              • [[screenshot_app.options.hotkeygeneral]], xrefs: 00F9DC16
                                                              • Hotkey_main_vk, xrefs: 00F9D98E
                                                              • Instant upload fullscreen, xrefs: 00F9DECA
                                                              • [[screenshot_app.hotkey.failtoregister2]], xrefs: 00F9E043
                                                              • Hotkey_uploadfull_enabled, xrefs: 00F9DAB5
                                                              • Instant save fullscreen, xrefs: 00F9DD63
                                                              • [[screenshot_app.hotkey.failtoregister1]], xrefs: 00F9DBA5
                                                              • Likely another application already uses it. Click on this message to open options dialog., xrefs: 00F9E032
                                                              • Hotkey_savefull_enabled, xrefs: 00F9D9E4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CloseRegister$QueryValue
                                                              • String ID: #Hw/$Failed to register the hotkey:$General hotkey$Hotkey_main_enabled$Hotkey_main_mod$Hotkey_main_vk$Hotkey_savefull_enabled$Hotkey_savefull_mod$Hotkey_savefull_vk$Hotkey_uploadfull_enabled$Hotkey_uploadfull_mod$Hotkey_uploadfull_vk$Instant save fullscreen$Instant upload fullscreen$Lightshot$Likely another application already uses it. Click on this message to open options dialog.$[[screenshot_app.hotkey.failtoregister1]]$[[screenshot_app.hotkey.failtoregister2]]$[[screenshot_app.options.hotkeygeneral]]$[[screenshot_app.options.hotkeysavefullscreen]]$[[screenshot_app.options.hotkeyuploadfullscreen]]
                                                              • API String ID: 3186626901-3996860495
                                                              • Opcode ID: 180dcbff6aa07748ee755edce76ec797290aa19955d26f042ac3b81b2de770f2
                                                              • Instruction ID: 7d44f2fee009f1672012e552719029157cdf8f70e51e11ee5af64229a6048d51
                                                              • Opcode Fuzzy Hash: 180dcbff6aa07748ee755edce76ec797290aa19955d26f042ac3b81b2de770f2
                                                              • Instruction Fuzzy Hash: 0932B770A057099BEB04EFA8CD46BDDB7B0EF45324F248258F425A72D2D7789E04EB91

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 6F838800: GetDC.USER32(00000000), ref: 6F83880F
                                                                • Part of subcall function 6F838800: GetDeviceCaps.GDI32(00000000,00000058), ref: 6F83881E
                                                                • Part of subcall function 6F838800: GetDeviceCaps.GDI32(00000000,0000005A), ref: 6F83882A
                                                                • Part of subcall function 6F838800: ReleaseDC.USER32(00000000,00000000), ref: 6F838836
                                                              • new.LIBCMT ref: 6F8389B9
                                                              • new.LIBCMT ref: 6F838A45
                                                              • new.LIBCMT ref: 6F838A8B
                                                              • new.LIBCMT ref: 6F838AD1
                                                              • new.LIBCMT ref: 6F838B17
                                                              • new.LIBCMT ref: 6F838B9D
                                                              • new.LIBCMT ref: 6F8389FF
                                                                • Part of subcall function 6F84888A: Concurrency::cancel_current_task.LIBCPMT ref: 6F8488A9
                                                              • new.LIBCMT ref: 6F838973
                                                                • Part of subcall function 6F844450: GetWindowDC.USER32(00000000,?,00000000,6F830000,?,00000000,6F830000,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000), ref: 6F84457A
                                                                • Part of subcall function 6F844450: CreateCompatibleDC.GDI32(00000000), ref: 6F844583
                                                                • Part of subcall function 6F844450: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 6F844593
                                                                • Part of subcall function 6F844450: SelectObject.GDI32(?,00000000), ref: 6F8445A0
                                                                • Part of subcall function 6F844450: ReleaseDC.USER32(00000000,00000000), ref: 6F8445AC
                                                              • new.LIBCMT ref: 6F838C01
                                                              • new.LIBCMT ref: 6F838C47
                                                              • new.LIBCMT ref: 6F838C8D
                                                              • new.LIBCMT ref: 6F838CD3
                                                              • new.LIBCMT ref: 6F838D19
                                                              • new.LIBCMT ref: 6F838D5F
                                                              • new.LIBCMT ref: 6F838DA5
                                                              • new.LIBCMT ref: 6F838E2B
                                                              • GetWindowDC.USER32(00000000,000000DE,PNG,?,?,000000DC,000000DB,000000DA,PNG,?,?,?,PNG,?,?,?), ref: 6F838E86
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F838E8F
                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 6F838EA6
                                                              • SelectObject.GDI32(?,00000000), ref: 6F838EB3
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F838EBF
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CompatibleCreate$Release$BitmapCapsDeviceObjectSelectWindow$Concurrency::cancel_current_task
                                                              • String ID: PNG$`$`
                                                              • API String ID: 2625897543-3135613499

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 6F838800: GetDC.USER32(00000000), ref: 6F83880F
                                                                • Part of subcall function 6F838800: GetDeviceCaps.GDI32(00000000,00000058), ref: 6F83881E
                                                                • Part of subcall function 6F838800: GetDeviceCaps.GDI32(00000000,0000005A), ref: 6F83882A
                                                                • Part of subcall function 6F838800: ReleaseDC.USER32(00000000,00000000), ref: 6F838836
                                                              • new.LIBCMT ref: 6F841E79
                                                              • new.LIBCMT ref: 6F841EFC
                                                              • new.LIBCMT ref: 6F841F42
                                                              • new.LIBCMT ref: 6F841F82
                                                              • new.LIBCMT ref: 6F841FC8
                                                                • Part of subcall function 6F838590: GlobalUnlock.KERNEL32(?), ref: 6F8385B4
                                                                • Part of subcall function 6F838590: GlobalFree.KERNEL32(?), ref: 6F8385BD
                                                                • Part of subcall function 6F838590: FindResourceW.KERNELBASE(00000000,00000000,?,00000050,6F830000,00000044,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000), ref: 6F8385D4
                                                                • Part of subcall function 6F838590: SizeofResource.KERNEL32(00000000,00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F8385E6
                                                                • Part of subcall function 6F838590: LoadResource.KERNEL32(00000000,00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F8385F9
                                                                • Part of subcall function 6F838590: LockResource.KERNEL32(00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF,?,6F84205D), ref: 6F838600
                                                                • Part of subcall function 6F838590: GlobalAlloc.KERNELBASE(00000002,?,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F838616
                                                                • Part of subcall function 6F838590: GlobalLock.KERNEL32(00000000), ref: 6F838628
                                                                • Part of subcall function 6F838590: CreateStreamOnHGlobal.OLE32(?,00000000,00000000), ref: 6F83864D
                                                              • new.LIBCMT ref: 6F841EBF
                                                                • Part of subcall function 6F84888A: Concurrency::cancel_current_task.LIBCPMT ref: 6F8488A9
                                                              • new.LIBCMT ref: 6F841E3C
                                                                • Part of subcall function 6F844450: GetWindowDC.USER32(00000000,?,00000000,6F830000,?,00000000,6F830000,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000), ref: 6F84457A
                                                                • Part of subcall function 6F844450: CreateCompatibleDC.GDI32(00000000), ref: 6F844583
                                                                • Part of subcall function 6F844450: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 6F844593
                                                                • Part of subcall function 6F844450: SelectObject.GDI32(?,00000000), ref: 6F8445A0
                                                                • Part of subcall function 6F844450: ReleaseDC.USER32(00000000,00000000), ref: 6F8445AC
                                                              • new.LIBCMT ref: 6F842020
                                                              • new.LIBCMT ref: 6F842066
                                                              • new.LIBCMT ref: 6F8420AC
                                                              • new.LIBCMT ref: 6F8420F2
                                                              • new.LIBCMT ref: 6F842138
                                                              • GetWindowDC.USER32(00000000,000000C7,PNG,?,?,000000B8,000000BA,000000B9,PNG,?,?,?,?,?,?,?), ref: 6F84221F
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F842228
                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 6F84223F
                                                              • SelectObject.GDI32(?,00000000), ref: 6F84224C
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F842258
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateGlobal$CompatibleResource$Release$BitmapCapsDeviceLockObjectSelectWindow$AllocConcurrency::cancel_current_taskFindFreeLoadSizeofStreamUnlock
                                                              • String ID: PNG$`$`
                                                              • API String ID: 3446955754-3135613499

                                                              Control-flow Graph

                                                              APIs
                                                              • GdipCreateSolidFill.GDIPLUS(?,?,C8000000,?), ref: 6F83A752
                                                                • Part of subcall function 6F83A170: GdipCreateFontFamilyFromName.GDIPLUS(Arial,00000000,?,73529A30,00000000), ref: 6F83A192
                                                                • Part of subcall function 6F83A170: GdipGetGenericFontFamilySansSerif.GDIPLUS(6F86A2A8), ref: 6F83A1C4
                                                                • Part of subcall function 6F83A170: GdipDeleteFontFamily.GDIPLUS(00000000), ref: 6F83A1E3
                                                              • GdipCreateStringFormat.GDIPLUS(00000000,00000000,00000120,?,6EB740BD), ref: 6F83A78C
                                                              • GdipCreateSolidFill.GDIPLUS(FFDEDEDE,00000000), ref: 6F83A7B9
                                                                • Part of subcall function 6F841D40: new.LIBCMT ref: 6F841E3C
                                                                • Part of subcall function 6F841D40: new.LIBCMT ref: 6F841E79
                                                                • Part of subcall function 6F841D40: new.LIBCMT ref: 6F841EBF
                                                                • Part of subcall function 6F838870: new.LIBCMT ref: 6F838973
                                                                • Part of subcall function 6F838870: new.LIBCMT ref: 6F8389B9
                                                                • Part of subcall function 6F838870: new.LIBCMT ref: 6F8389FF
                                                                • Part of subcall function 6F8436D0: new.LIBCMT ref: 6F8437D0
                                                                • Part of subcall function 6F8436D0: new.LIBCMT ref: 6F843816
                                                                • Part of subcall function 6F8436D0: new.LIBCMT ref: 6F84385C
                                                                • Part of subcall function 6F8377D0: GdipCreatePen1.GDIPLUS(FF000000,?,00000000,00000358,?,?,?,?,?), ref: 6F83782F
                                                                • Part of subcall function 6F8315F0: GetProcessHeap.KERNEL32(?), ref: 6F831623
                                                                • Part of subcall function 6F8315F0: __Init_thread_footer.LIBCMT ref: 6F83164E
                                                                • Part of subcall function 6F8315F0: __Init_thread_footer.LIBCMT ref: 6F83168F
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F83A97C
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83A982
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83A989
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83A98F
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83A996
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83A99B
                                                              • SetRect.USER32(00000000,00000000), ref: 6F83A9A2
                                                              • GetWindowDC.USER32(00000000), ref: 6F83A9B0
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F83A9BC
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F83A9C7
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F83A9D2
                                                              • SetBkColor.GDI32(00000000,00000000), ref: 6F83A9DD
                                                              • GetWindowDC.USER32(00000000), ref: 6F83A9E5
                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 6F83A9EC
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F83A9F7
                                                                • Part of subcall function 6F8311A0: __CxxThrowException@8.LIBVCRUNTIME ref: 6F8311B2
                                                              • CreateBitmap.GDI32(00000000,00000000,00000001,00000000,00000000), ref: 6F83AA10
                                                              • SelectObject.GDI32(?,00000000), ref: 6F83AA23
                                                                • Part of subcall function 6F83AD90: GdipAlloc.GDIPLUS(00000008,00000000,00000000,?,?,6F83AA36), ref: 6F83AD9A
                                                                • Part of subcall function 6F83AD90: GdipCreateFromHDC.GDIPLUS(?,?,?,6F83AA36), ref: 6F83ADB7
                                                                • Part of subcall function 6F83AD90: GdipSetInterpolationMode.GDIPLUS(00000000,00000001,?,6F83AA36), ref: 6F83ADD3
                                                                • Part of subcall function 6F83AD90: GdipSetSmoothingMode.GDIPLUS(?,00000003,?,6F83AA36), ref: 6F83ADEA
                                                                • Part of subcall function 6F83AD90: GdipSetPixelOffsetMode.GDIPLUS(?,00000003,?,6F83AA36), ref: 6F83AE01
                                                                • Part of subcall function 6F83AD90: GdipSetCompositingQuality.GDIPLUS(?,00000001,?,6F83AA36), ref: 6F83AE18
                                                              • CreatePen.GDI32(00000002,00000001,00FFFFFF), ref: 6F83AA45
                                                              • CreatePen.GDI32(00000000,00000001,00FFFFFF), ref: 6F83AA56
                                                              • CreateSolidBrush.GDI32(00000000), ref: 6F83AA60
                                                              • GdipSetStringFormatAlign.GDIPLUS(?,00000000), ref: 6F83AA74
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F83AABC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$Create$MetricsSystem$CompatibleFamilyFontModeSolid$FillFormatFromInit_thread_footerReleaseStringWindow$AlignAllocBitmapBrushCapsColorCompositingDeleteDeviceException@8GenericHeapInterpolationNameObjectOffsetPen1PixelProcessQualityRectSansSelectSerifSmoothingThrow
                                                              • String ID:
                                                              • API String ID: 3299805905-0

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 00F9F920: RegisterWindowMessageA.USER32(TaskbarCreated,?,?,00000000,00000000,00FB93D1,000000FF,?,00F9D341,00000000,77E44823), ref: 00F9F9EA
                                                              • RegisterWindowMessageW.USER32(DetachRequestDone,00000000), ref: 00F9D35A
                                                              • RegisterWindowMessageW.USER32 ref: 00F9D36B
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                              • RegisterWindowMessageW.USER32 ref: 00F9D432
                                                              • RegisterWindowMessageW.USER32 ref: 00F9D47D
                                                              • CreateMutexW.KERNELBASE ref: 00F9D51C
                                                              • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00F9D528
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              • LoadMenuW.USER32(00000067), ref: 00F9D592
                                                              • DestroyMenu.USER32(?,?), ref: 00F9D5B6
                                                              • LoadIconW.USER32(00000066,?), ref: 00F9D5D5
                                                              • PostQuitMessage.USER32(00000000), ref: 00F9D65E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Message$RegisterWindow$LoadMenu$CreateDestroyErrorException@8HeapIconLastMutexObjectPostProcessQuitSingleThrowWait
                                                              • String ID: #Hw/$DetachRequestDone$GetUserRequestDone$Lightshot$LightshotStandAloneAppMainMutex$Lightshot_Tray_Wnd$UA-31173726-1$win/Lightshot.exe/
                                                              • API String ID: 230458022-3633134183

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 6F838800: GetDC.USER32(00000000), ref: 6F83880F
                                                                • Part of subcall function 6F838800: GetDeviceCaps.GDI32(00000000,00000058), ref: 6F83881E
                                                                • Part of subcall function 6F838800: GetDeviceCaps.GDI32(00000000,0000005A), ref: 6F83882A
                                                                • Part of subcall function 6F838800: ReleaseDC.USER32(00000000,00000000), ref: 6F838836
                                                              • new.LIBCMT ref: 6F843816
                                                              • new.LIBCMT ref: 6F8438A2
                                                                • Part of subcall function 6F838590: GlobalUnlock.KERNEL32(?), ref: 6F8385B4
                                                                • Part of subcall function 6F838590: GlobalFree.KERNEL32(?), ref: 6F8385BD
                                                                • Part of subcall function 6F838590: FindResourceW.KERNELBASE(00000000,00000000,?,00000050,6F830000,00000044,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000), ref: 6F8385D4
                                                                • Part of subcall function 6F838590: SizeofResource.KERNEL32(00000000,00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F8385E6
                                                                • Part of subcall function 6F838590: LoadResource.KERNEL32(00000000,00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F8385F9
                                                                • Part of subcall function 6F838590: LockResource.KERNEL32(00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF,?,6F84205D), ref: 6F838600
                                                                • Part of subcall function 6F838590: GlobalAlloc.KERNELBASE(00000002,?,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F838616
                                                                • Part of subcall function 6F838590: GlobalLock.KERNEL32(00000000), ref: 6F838628
                                                                • Part of subcall function 6F838590: CreateStreamOnHGlobal.OLE32(?,00000000,00000000), ref: 6F83864D
                                                              • new.LIBCMT ref: 6F84385C
                                                                • Part of subcall function 6F84888A: Concurrency::cancel_current_task.LIBCPMT ref: 6F8488A9
                                                              • new.LIBCMT ref: 6F8437D0
                                                                • Part of subcall function 6F844450: GetWindowDC.USER32(00000000,?,00000000,6F830000,?,00000000,6F830000,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000), ref: 6F84457A
                                                                • Part of subcall function 6F844450: CreateCompatibleDC.GDI32(00000000), ref: 6F844583
                                                                • Part of subcall function 6F844450: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 6F844593
                                                                • Part of subcall function 6F844450: SelectObject.GDI32(?,00000000), ref: 6F8445A0
                                                                • Part of subcall function 6F844450: ReleaseDC.USER32(00000000,00000000), ref: 6F8445AC
                                                              • new.LIBCMT ref: 6F843921
                                                              • new.LIBCMT ref: 6F843967
                                                              • new.LIBCMT ref: 6F8439AD
                                                              • new.LIBCMT ref: 6F8439F3
                                                              • GetWindowDC.USER32(00000000,000000E8,PNG,?,000000E7,PNG,?,?,000000E5,000000E6,000000E6,PNG,?,?,?,?), ref: 6F843A62
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F843A6B
                                                              • CreateCompatibleBitmap.GDI32(00000000,?), ref: 6F843A83
                                                              • SelectObject.GDI32(?,00000000), ref: 6F843A90
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F843A9C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateGlobal$CompatibleResource$Release$BitmapCapsDeviceLockObjectSelectWindow$AllocConcurrency::cancel_current_taskFindFreeLoadSizeofStreamUnlock
                                                              • String ID: PNG$`$`
                                                              • API String ID: 3446955754-3135613499

                                                              Control-flow Graph

                                                              control_flow_graph 561 f9e0e0-f9e125 call f8d8f0 564 f9e12e-f9e14c call f873f0 PathFileExistsW 561->564 565 f9e127-f9e129 561->565 571 f9e14e-f9e165 LoadLibraryW GetLastError 564->571 572 f9e1c7 564->572 566 f9e1e3-f9e1f8 565->566 568 f9e1fa-f9e1fd 566->568 569 f9e202-f9e215 566->569 568->569 571->572 574 f9e167-f9e17a GetProcAddress 571->574 573 f9e1c9-f9e1d9 572->573 573->566 575 f9e1db-f9e1de 573->575 574->572 576 f9e17c-f9e18b GetProcAddress 574->576 575->566 576->572 577 f9e18d-f9e19c GetProcAddress 576->577 577->572 578 f9e19e-f9e1ad GetProcAddress 577->578 578->572 579 f9e1af-f9e1be GetProcAddress 578->579 579->572 580 f9e1c0-f9e1c5 579->580 580->573
                                                              APIs
                                                              • PathFileExistsW.KERNELBASE(?,75C0F550), ref: 00F9E144
                                                              • LoadLibraryW.KERNELBASE(?), ref: 00F9E151
                                                              • GetLastError.KERNEL32 ref: 00F9E15A
                                                              • GetProcAddress.KERNEL32(?,MakeScreenshot), ref: 00F9E173
                                                              • GetProcAddress.KERNEL32(?,MakeScreenshotByCommand), ref: 00F9E184
                                                              • GetProcAddress.KERNEL32(?,SetTranslations), ref: 00F9E195
                                                              • GetProcAddress.KERNEL32(?,InitLightshot), ref: 00F9E1A6
                                                              • GetProcAddress.KERNEL32(?,DeinitLightshot), ref: 00F9E1B7
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressProc$ErrorExistsFileLastLibraryLoadPath
                                                              • String ID: #Hw/$DeinitLightshot$InitLightshot$MakeScreenshot$MakeScreenshotByCommand$SetTranslations$\Lightshot.dll
                                                              • API String ID: 1599701744-1927529074
                                                              • Opcode ID: 513046ba7617fc126c896893dcc7501ffa3a366faa4b15bd8a8feaef4e802906
                                                              • Instruction ID: 8ed198278a9354c43319161fea501df018f5a6ddb664480d9520b2481007d0d7
                                                              • Opcode Fuzzy Hash: 513046ba7617fc126c896893dcc7501ffa3a366faa4b15bd8a8feaef4e802906
                                                              • Instruction Fuzzy Hash: 87413C71A40B069BEB11DF79CD45A5AF7E8FF40720F14462AA851E26E1DBB4E800EF51

                                                              APIs
                                                              • RemoveMenu.USER32(?,00009C49,00000000,77E44823,00000000,0000014C,75C0F550,GetUserRequestDone), ref: 00F9E46A
                                                              • RemoveMenu.USER32(?,00009C45,00000000), ref: 00F9E476
                                                              • RemoveMenu.USER32(?,00009C47,00000000), ref: 00F9E482
                                                              • RemoveMenu.USER32(?,00009C48,00000000), ref: 00F9E48E
                                                                • Part of subcall function 00F8DE60: InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00F8DF45
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Menu$Remove$InsertItem
                                                              • String ID: #Hw/$%username%$My gallery (%username%)$Sign In...$Sign Out$[[screenshot_app.menu.gallery]]$[[screenshot_app.menu.sign_in]]$[[screenshot_app.menu.sign_out]]$username
                                                              • API String ID: 2761169988-1119498298
                                                              • Opcode ID: 5dfd323794f5ec0f0ae7e8ebef6784ef47f6b301d9aadcff29165f0086761cde
                                                              • Instruction ID: 220c5e32150339955ee165b8261c1864c8e268f7d746de2e4e2db238a1faa653
                                                              • Opcode Fuzzy Hash: 5dfd323794f5ec0f0ae7e8ebef6784ef47f6b301d9aadcff29165f0086761cde
                                                              • Instruction Fuzzy Hash: 9451C471A04309BBD714FB98DC07F9EBBA5AF44714F24425CF0156B2C2DB78A904EBA6

                                                              APIs
                                                              • DeleteObject.GDI32(6EB740BD), ref: 6F840FD0
                                                              • GetSystemMetrics.USER32 ref: 6F841008
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F84100E
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F841015
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F84101B
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F841022
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F841027
                                                              • SetRect.USER32(00000000,00000000), ref: 6F84102F
                                                              • GetWindowDC.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6F836FC5), ref: 6F841037
                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 6F841042
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F84104D
                                                              • CreateBitmap.GDI32(?,00000000,00000001,00000000,00000000), ref: 6F84106A
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$BitmapCapsCreateDeleteDeviceObjectRectReleaseWindow
                                                              • String ID:
                                                              • API String ID: 3957080118-0
                                                              • Opcode ID: 724d770e88fa930ce47d6174f4528bf9c7e5394855fe88bbf7ee0daae6cb04b0
                                                              • Instruction ID: 6abf285957e29f83a6640bdce930ec574cc86c42eefe937a7ad1f37c95ecc262
                                                              • Opcode Fuzzy Hash: 724d770e88fa930ce47d6174f4528bf9c7e5394855fe88bbf7ee0daae6cb04b0
                                                              • Instruction Fuzzy Hash: 4B213071604304AFEB50AF758C49F5B7BE8EF85750F010959FA549B2C0D7799814CBE2

                                                              APIs
                                                              • LoadLibraryW.KERNEL32(Shcore.dll,?,6F839E4A,6EB740BD), ref: 6F834D76
                                                              • GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 6F834D88
                                                              • FreeLibrary.KERNEL32(00000000,?,6F839E4A,6EB740BD), ref: 6F834D9E
                                                              • LoadLibraryW.KERNEL32(user32.dll,?,6F839E4A,6EB740BD), ref: 6F834DA9
                                                              • GetProcAddress.KERNEL32(00000000,SetProcessDPIAware), ref: 6F834DBB
                                                              • FreeLibrary.KERNEL32(00000000,?,6F839E4A,6EB740BD), ref: 6F834DC8
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Library$AddressFreeLoadProc
                                                              • String ID: SetProcessDPIAware$SetProcessDpiAwareness$Shcore.dll$user32.dll
                                                              • API String ID: 145871493-1980173857
                                                              • Opcode ID: 40592cb614c5c19e8fb93e455d24c19fc377f10647e547035e52d995bbfcb30d
                                                              • Instruction ID: 68a1b2b8eae4b98ca8d020d32f38d1ee7547388b4246f799ddb9670e960a108b
                                                              • Opcode Fuzzy Hash: 40592cb614c5c19e8fb93e455d24c19fc377f10647e547035e52d995bbfcb30d
                                                              • Instruction Fuzzy Hash: E6F03072982E325B9EC136B15C0CAAE3914BF577A5B000DC1F825E9210DB29D920C6E5

                                                              APIs
                                                              • GlobalUnlock.KERNEL32(?), ref: 6F8385B4
                                                              • GlobalFree.KERNEL32(?), ref: 6F8385BD
                                                              • FindResourceW.KERNELBASE(00000000,00000000,?,00000050,6F830000,00000044,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000), ref: 6F8385D4
                                                              • SizeofResource.KERNEL32(00000000,00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F8385E6
                                                              • LoadResource.KERNEL32(00000000,00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F8385F9
                                                              • LockResource.KERNEL32(00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF,?,6F84205D), ref: 6F838600
                                                              • GlobalAlloc.KERNELBASE(00000002,?,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F838616
                                                              • GlobalLock.KERNEL32(00000000), ref: 6F838628
                                                              • CreateStreamOnHGlobal.OLE32(?,00000000,00000000), ref: 6F83864D
                                                              • GlobalUnlock.KERNEL32(?), ref: 6F8386A0
                                                              • GlobalFree.KERNEL32(?), ref: 6F8386A9
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Global$Resource$FreeLockUnlock$AllocCreateFindLoadSizeofStream
                                                              • String ID:
                                                              • API String ID: 174235177-0
                                                              • Opcode ID: eb2d08a1c7808494d311edb08b4dadfc5a593650232342fe9bba74ab3dd74d33
                                                              • Instruction ID: ecf22089c54af269ca4182e9288543977cf4486e6d36b003ea0f236c44d17e96
                                                              • Opcode Fuzzy Hash: eb2d08a1c7808494d311edb08b4dadfc5a593650232342fe9bba74ab3dd74d33
                                                              • Instruction Fuzzy Hash: 52319276600715AFEF548FA1C84CBA677A8FF45718F00846DF92ACB260DB75E821CB90

                                                              APIs
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,?,?,?,?,?,?,00FB6C94,000000FF), ref: 00F8815D
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00FB6C94,000000FF), ref: 00F88167
                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,?,?,?,?,00FB6C94,000000FF), ref: 00F881A7
                                                              • WaitForSingleObject.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,00FB6C94,000000FF), ref: 00F881BA
                                                              • TerminateThread.KERNEL32(00000006,00000000,?,?,?,?,?,?,?,00FB6C94,000000FF), ref: 00F881CC
                                                              • CloseHandle.KERNEL32(00000006,?,?,?,?,?,?,?,00FB6C94,000000FF), ref: 00F881D5
                                                              • CreateThread.KERNELBASE(00000000,00000000,Function_00006F00,?,00000000,00000000), ref: 00F881F0
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateErrorLastThread$CloseCountCriticalEventException@8HandleHeapInitializeObjectProcessSectionSingleSpinTerminateThrowWait
                                                              • String ID: #Hw/
                                                              • API String ID: 1672646298-1770964375
                                                              • Opcode ID: d0faed9b23621746ccc22989b02f753d72b6cb54dac9275030d460f44b314c60
                                                              • Instruction ID: c24bc014bdcdeb2ef13db11446bc88b808ad4adae54dc992c808051d57a53a05
                                                              • Opcode Fuzzy Hash: d0faed9b23621746ccc22989b02f753d72b6cb54dac9275030d460f44b314c60
                                                              • Instruction Fuzzy Hash: 02519D70600B05AFE720EF28CC49B8ABBE4EF04720F14866DF45ADB6A1DB75E9059F51

                                                              APIs
                                                              • GdipCreateFontFamilyFromName.GDIPLUS(Arial,00000000,?,73529A30,00000000), ref: 6F83A192
                                                              • GdipGetGenericFontFamilySansSerif.GDIPLUS(6F86A2A8), ref: 6F83A1C4
                                                              • GdipDeleteFontFamily.GDIPLUS(00000000), ref: 6F83A1E3
                                                              • GdipCreateFont.GDIPLUS(00000000,?,00000001,00000003,00000118), ref: 6F83A206
                                                              • GdipGetGenericFontFamilySansSerif.GDIPLUS(6F86A2A8,?,00000001,00000003,00000118), ref: 6F83A228
                                                              • GdipCreateFont.GDIPLUS(?,00000000,00000001,00000003,00000118,?,00000001,00000003,00000118), ref: 6F83A250
                                                              • GdipDeleteFontFamily.GDIPLUS(00000000,?,00000001,00000003,00000118), ref: 6F83A258
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FontGdip$Family$Create$DeleteGenericSansSerif$FromName
                                                              • String ID: Arial
                                                              • API String ID: 2831291859-493054409
                                                              • Opcode ID: cd8b1ea81bea50eb5b2e388627dfc1c88c5a491ddf0392f1819e42ee7e2404aa
                                                              • Instruction ID: 932a7efa7b0947a0d1ac0cda4cbec4376c9a50ff2c411ebc1636b33c29d11c29
                                                              • Opcode Fuzzy Hash: cd8b1ea81bea50eb5b2e388627dfc1c88c5a491ddf0392f1819e42ee7e2404aa
                                                              • Instruction Fuzzy Hash: B9319C74A40715AFDB14CF94C980BAABBB4FB4A728F008599E945DB340D732E820DB90

                                                              APIs
                                                              • DecodePointer.KERNEL32(?,?,?,00FA1845,00FCB9F0,?,?,?,00F9289F,00000000,00000000,?), ref: 00FA14D5
                                                              • LoadLibraryExA.KERNELBASE(atlthunk.dll,00000000,00000800,?,?,?,00FA1845,00FCB9F0,?,?,?,00F9289F,00000000,00000000,?), ref: 00FA14ED
                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00F90861), ref: 00FA1569
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: DecodePointer$LibraryLoad
                                                              • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                              • API String ID: 1423960858-1745123996
                                                              • Opcode ID: ad39d6d7b76989019297b4325b84db5b473a1fedc13b8f8586957c622f822395
                                                              • Instruction ID: eaf93ec8a3d84e1ec498d5590bd1e6d98608ef553ba661539060de0b7e259254
                                                              • Opcode Fuzzy Hash: ad39d6d7b76989019297b4325b84db5b473a1fedc13b8f8586957c622f822395
                                                              • Instruction Fuzzy Hash: 1801E1F5D412157ECB1157269C83F993B686B03765F0D0154FC02A6292EB618A08BA87

                                                              APIs
                                                              • LoadLibraryW.KERNELBASE(D3d9.dll,?,6F839DDD,6EB740BD,?,?,6F8598C0,000000FF), ref: 6F84138A
                                                              • GetProcAddress.KERNEL32(00000000,Direct3DCreate9), ref: 6F84139C
                                                              • LoadLibraryW.KERNELBASE(d3dx9_32.dll,?,6F839DDD,6EB740BD,?,?,6F8598C0,000000FF), ref: 6F8413AE
                                                              • GetProcAddress.KERNEL32(00000000,D3DXSaveSurfaceToFileW), ref: 6F8413C1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Similarity
                                                              • API ID: AddressLibraryLoadProc
                                                              • String ID: D3DXSaveSurfaceToFileW$D3d9.dll$Direct3DCreate9$d3dx9_32.dll
                                                              • API String ID: 2574300362-2847385910
                                                              APIs
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              • RegCloseKey.ADVAPI32(?,-000000E0), ref: 00F8F60F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Similarity
                                                              • API ID: CloseErrorException@8HeapLastProcessThrow
                                                              • String ID: #Hw$#Hw$#Hw/$MachineGuid$SOFTWARE\Microsoft\Cryptography$d
                                                              • API String ID: 3254404189-3324397738
                                                              APIs
                                                              • RegQueryValueExW.KERNELBASE(00000000,?,00000000,?,00000000,00F88FC4,80000001,00000000,0002001F), ref: 00F8C4F1
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00F8C506
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00F8C517
                                                              • RegCloseKey.ADVAPI32(00000000,80000001,00000000,0002001F), ref: 00F8C520
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Similarity
                                                              • API ID: Close$QueryValue
                                                              • String ID: #Hw$#Hw$#Hw/
                                                              • API String ID: 2393043351-3943261266
                                                              APIs
                                                              • PathFileExistsW.KERNELBASE(00000120,uploader.dll,00000000), ref: 6F83482B
                                                              • LoadLibraryW.KERNELBASE(00000120), ref: 6F834838
                                                              • GetProcAddress.KERNEL32(00000000,SetLocaleString), ref: 6F83484A
                                                              • GetProcAddress.KERNEL32(?,UploadImage), ref: 6F83485A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Similarity
                                                              • API ID: AddressProc$ExistsFileLibraryLoadPath
                                                              • String ID: SetLocaleString$UploadImage$uploader.dll
                                                              • API String ID: 3006711067-3392316261
                                                              APIs
                                                                • Part of subcall function 00F8BF50: GetModuleHandleW.KERNEL32(Advapi32.dll,?,00000000,?,?,?,00F8C1A0,80000001,00000000), ref: 00F8BF74
                                                                • Part of subcall function 00F8BF50: RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,00F8C1A0,80000001,00000000), ref: 00F8BFD7
                                                              • RegEnumValueW.KERNELBASE(00000000,00000000,00000010,00000200,00000000,00000000,00000000,00000000), ref: 00F8D4D0
                                                                • Part of subcall function 00F8D220: RegSetValueExW.KERNELBASE(?,00000010,00000000,00000000,00000000,00000000), ref: 00F8D2CD
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              • RegCloseKey.KERNELBASE(?,80070057), ref: 00F8D542
                                                              • RegCloseKey.ADVAPI32(00000000,00000000,80000002,00000000,00020019,00000000,80000001,00000000), ref: 00F8D579
                                                              • RegCloseKey.ADVAPI32(00000000,00000000,80000002,00000000,00020019,00000000,80000001,00000000), ref: 00F8D582
                                                              • RegCloseKey.ADVAPI32(00000000,?,80000001,00000000,0002001F,77E44823), ref: 00F8D58E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Similarity
                                                              • API ID: Close$Value$EnumErrorException@8HandleLastModuleThrow
                                                              • String ID: #Hw/
                                                              • API String ID: 2349902564-1770964375
                                                              APIs
                                                                • Part of subcall function 6CF21460: GetProcessHeap.KERNEL32 ref: 6CF21493
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF214BE
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF2153C
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(6CF53820,00000000,?,?,?,?,00000000,6CF43EC4,000000FF,?,6CF21111,UA-31173726-1), ref: 6CF229CA
                                                              • GetLastError.KERNEL32(?,?,?,?,00000000,6CF43EC4,000000FF,?,6CF21111,UA-31173726-1), ref: 6CF229D4
                                                                • Part of subcall function 6CF21800: __CxxThrowException@8.LIBVCRUNTIME ref: 6CF21812
                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,00000000,6CF43EC4,000000FF,?,6CF21111,UA-31173726-1), ref: 6CF22AAB
                                                              • WaitForSingleObject.KERNEL32(00000308,00000000,?,?,?,?,00000000,6CF43EC4,000000FF,?,6CF21111,UA-31173726-1), ref: 6CF22AC2
                                                              • TerminateThread.KERNEL32(00000000,?,?,?,?,00000000,6CF43EC4,000000FF,?,6CF21111,UA-31173726-1), ref: 6CF22AD7
                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,6CF43EC4,000000FF,?,6CF21111,UA-31173726-1), ref: 6CF22AE3
                                                              • CreateThread.KERNELBASE(00000000,00000000,Function_00001740,6CF537F8,00000000,00000000), ref: 6CF22B05
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Similarity
                                                              • API ID: CreateInit_thread_footerThread$CloseCountCriticalErrorEventException@8HandleHeapInitializeLastObjectProcessSectionSingleSpinTerminateThrowWait
                                                              • String ID:
                                                              • API String ID: 2441476881-0
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,?,00000000,?,?,?,00F8C1A0,80000001,00000000), ref: 00F8BF74
                                                              • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00F8BF8B
                                                              • RegOpenKeyExW.KERNELBASE(00000000,80000001,00000000,00F8C1A0,00000000,?,00000000,?,?,?,00F8C1A0,80000001,00000000), ref: 00F8BFC4
                                                              • RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,00F8C1A0,80000001,00000000), ref: 00F8BFD7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Similarity
                                                              • API ID: AddressCloseHandleModuleOpenProc
                                                              • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                              • API String ID: 823179699-3913318428
                                                              APIs
                                                              • CoInitialize.OLE32(00000000), ref: 00F9A4D9
                                                              • new.LIBCMT ref: 00F9A4E4
                                                                • Part of subcall function 00F9D300: RegisterWindowMessageW.USER32(DetachRequestDone,00000000), ref: 00F9D35A
                                                                • Part of subcall function 00F9D300: RegisterWindowMessageW.USER32 ref: 00F9D36B
                                                                • Part of subcall function 00F9D300: RegisterWindowMessageW.USER32 ref: 00F9D432
                                                                • Part of subcall function 00F9D300: RegisterWindowMessageW.USER32 ref: 00F9D47D
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F9A4FF
                                                              • TranslateMessage.USER32(?), ref: 00F9A51B
                                                              • DispatchMessageW.USER32(?), ref: 00F9A521
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F9A52D
                                                              • CoUninitialize.OLE32 ref: 00F9A546
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Similarity
                                                              • API ID: Message$RegisterWindow$DispatchInitializeTranslateUninitialize
                                                              • String ID:
                                                              • API String ID: 993454168-0
                                                              APIs
                                                              • CreatePen.GDI32(00000002,00000001,00000000), ref: 6F836101
                                                              • GetDC.USER32(00000000), ref: 6F836111
                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 6F836126
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 6F83612E
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F836133
                                                              • MulDiv.KERNEL32(00000004,00000060,00000060), ref: 6F836141
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Similarity
                                                              • API ID: CapsDevice$CreateRelease
                                                              • String ID:
                                                              • API String ID: 2571409768-0
                                                              APIs
                                                              • GdipAlloc.GDIPLUS(00000008,00000000,00000000,?,?,6F83AA36), ref: 6F83AD9A
                                                              • GdipCreateFromHDC.GDIPLUS(?,?,?,6F83AA36), ref: 6F83ADB7
                                                              • GdipSetInterpolationMode.GDIPLUS(00000000,00000001,?,6F83AA36), ref: 6F83ADD3
                                                              • GdipSetSmoothingMode.GDIPLUS(?,00000003,?,6F83AA36), ref: 6F83ADEA
                                                              • GdipSetPixelOffsetMode.GDIPLUS(?,00000003,?,6F83AA36), ref: 6F83AE01
                                                              • GdipSetCompositingQuality.GDIPLUS(?,00000001,?,6F83AA36), ref: 6F83AE18
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Similarity
                                                              • API ID: Gdip$Mode$AllocCompositingCreateFromInterpolationOffsetPixelQualitySmoothing
                                                              • String ID:
                                                              • API String ID: 703346066-0
                                                              APIs
                                                              • RegQueryValueExW.KERNELBASE(00000000,?,00000000,?,00000000,?,?,80000001,00000000,0002001F), ref: 00F8C203
                                                              • RegCloseKey.KERNELBASE(00000000,?,80070057,00000010,?), ref: 00F8C2B6
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00F8C31D
                                                              • RegCloseKey.ADVAPI32(00000000,?,80000001,00000000,0002001F), ref: 00F8C344
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Close$QueryValue
                                                              • String ID: #Hw/
                                                              • API String ID: 2393043351-1770964375
                                                              APIs
                                                              • CreateFileW.KERNELBASE(?,80000000,00000000,00000000,00000003,00000080,00000000,77E44823,00FB71F0,?,00FB71F0), ref: 00F8DB53
                                                              • GetFileSize.KERNEL32(00000000,?,?,00FB71F0), ref: 00F8DB7D
                                                                • Part of subcall function 00F87210: GetLastError.KERNEL32(00F8726A,?,?,?,?,00000000), ref: 00F87210
                                                              • CloseHandle.KERNELBASE(00000000,?,00FB71F0), ref: 00F8DD4F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: File$CloseCreateErrorHandleLastSize
                                                              • String ID: #Hw$#Hw/
                                                              • API String ID: 281206921-391555086
                                                              APIs
                                                              • SetLastError.KERNEL32 ref: 00F9FBAB
                                                              • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F9FBC9
                                                              • GetLastError.KERNEL32(?,?), ref: 00F9FBD1
                                                              • DestroyIcon.USER32(?,?,?), ref: 00F9FBE8
                                                                • Part of subcall function 00FA0030: EnterCriticalSection.KERNEL32(00FCC684,00000000,?,?), ref: 00FA0057
                                                                • Part of subcall function 00FA0030: GetClassInfoExW.USER32(00000000,?,?), ref: 00FA008F
                                                                • Part of subcall function 00FA0030: GetClassInfoExW.USER32(?,00000030), ref: 00FA00A2
                                                                • Part of subcall function 00FA0030: LeaveCriticalSection.KERNEL32(00FCC684), ref: 00FA00AD
                                                                • Part of subcall function 00F9FF80: SetLastError.KERNEL32(0000000E,?,?,?,00F9FB5F,?,00000000,?,80000000,00000000,00000000,?,0000014C,75C0F550), ref: 00F9FF9B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$ClassCriticalIconInfoSection$DestroyEnterLeaveNotifyShell_
                                                              • String ID: #Hw/
                                                              • API String ID: 1642478532-1770964375
                                                              APIs
                                                                • Part of subcall function 6F8317F0: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 6F83186F
                                                                • Part of subcall function 6F8317F0: VerSetConditionMask.KERNEL32(00000000), ref: 6F831873
                                                                • Part of subcall function 6F8317F0: VerSetConditionMask.KERNEL32(00000000), ref: 6F831877
                                                                • Part of subcall function 6F8317F0: VerifyVersionInfoW.KERNEL32 ref: 6F83189B
                                                              • PathFileExistsW.KERNELBASE(00000000,DXGIODScreenshot.dll,00000000), ref: 6F83195C
                                                              • LoadLibraryW.KERNELBASE(?), ref: 6F831969
                                                              • GetProcAddress.KERNEL32(00000000,TakeScreenshotExp), ref: 6F83197B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ConditionMask$AddressExistsFileInfoLibraryLoadPathProcVerifyVersion
                                                              • String ID: DXGIODScreenshot.dll$TakeScreenshotExp
                                                              • API String ID: 3071537441-3930461562
                                                              APIs
                                                                • Part of subcall function 6F838590: GlobalUnlock.KERNEL32(?), ref: 6F8385B4
                                                                • Part of subcall function 6F838590: GlobalFree.KERNEL32(?), ref: 6F8385BD
                                                                • Part of subcall function 6F838590: FindResourceW.KERNELBASE(00000000,00000000,?,00000050,6F830000,00000044,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000), ref: 6F8385D4
                                                                • Part of subcall function 6F838590: SizeofResource.KERNEL32(00000000,00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F8385E6
                                                                • Part of subcall function 6F838590: LoadResource.KERNEL32(00000000,00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F8385F9
                                                                • Part of subcall function 6F838590: LockResource.KERNEL32(00000000,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF,?,6F84205D), ref: 6F838600
                                                                • Part of subcall function 6F838590: GlobalAlloc.KERNELBASE(00000002,?,?,6F84454E,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000,6F85A6DC,000000FF), ref: 6F838616
                                                                • Part of subcall function 6F838590: GlobalLock.KERNEL32(00000000), ref: 6F838628
                                                                • Part of subcall function 6F838590: CreateStreamOnHGlobal.OLE32(?,00000000,00000000), ref: 6F83864D
                                                                • Part of subcall function 6F838590: GlobalUnlock.KERNEL32(?), ref: 6F8386A0
                                                                • Part of subcall function 6F838590: GlobalFree.KERNEL32(?), ref: 6F8386A9
                                                              • GetWindowDC.USER32(00000000,?,00000000,6F830000,?,00000000,6F830000,?,00000000,6F830000,6EB740BD,00000170,00000000,00000000,00000000,00000000), ref: 6F84457A
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F844583
                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 6F844593
                                                              • SelectObject.GDI32(?,00000000), ref: 6F8445A0
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F8445AC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Global$Resource$Create$CompatibleFreeLockUnlock$AllocBitmapFindLoadObjectReleaseSelectSizeofStreamWindow
                                                              • String ID:
                                                              • API String ID: 3765646087-0
                                                              APIs
                                                                • Part of subcall function 6F8315F0: GetProcessHeap.KERNEL32(?), ref: 6F831623
                                                                • Part of subcall function 6F8315F0: __Init_thread_footer.LIBCMT ref: 6F83164E
                                                                • Part of subcall function 6F8315F0: __Init_thread_footer.LIBCMT ref: 6F83168F
                                                              • SetLastError.KERNEL32(00000000), ref: 6F834E39
                                                              • GetModuleFileNameW.KERNEL32(6F830000,00000010,000007D0), ref: 6F834E6A
                                                              • GetLastError.KERNEL32 ref: 6F834E7A
                                                              • GetModuleFileNameW.KERNEL32(?,00000010,00002710), ref: 6F834EB9
                                                              • GetLastError.KERNEL32 ref: 6F834ECA
                                                                • Part of subcall function 6F8311A0: __CxxThrowException@8.LIBVCRUNTIME ref: 6F8311B2
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$FileInit_thread_footerModuleName$Exception@8HeapProcessThrow
                                                              • String ID:
                                                              • API String ID: 1359969811-0
                                                              APIs
                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 00F926B4
                                                              • GetWindowLongW.USER32(?,000000FC), ref: 00F926CA
                                                              • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 00F926DE
                                                              • GetWindowLongW.USER32(?,000000FC), ref: 00F926F7
                                                              • SetWindowLongW.USER32(?,000000FC,?), ref: 00F92706
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Long$CallProc
                                                              • String ID:
                                                              • API String ID: 513923721-0
                                                              APIs
                                                              • GetLastError.KERNEL32(?,00000000,00000000,6F8159E8,6F816B61,?,6F8123F0,?,00000004,?,00000000,00000000,?,6F811703,?), ref: 6F8170A7
                                                              • _free.LIBCMT ref: 6F8170DC
                                                              • _free.LIBCMT ref: 6F817103
                                                              • SetLastError.KERNEL32(00000000), ref: 6F817110
                                                              • SetLastError.KERNEL32(00000000), ref: 6F817119
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$_free
                                                              • String ID:
                                                              • API String ID: 3170660625-0
                                                              APIs
                                                              • PathFileExistsW.KERNELBASE(000000FF,00000000,00FB71F0,77E44823), ref: 00F8A1D2
                                                                • Part of subcall function 00F8AD50: PathAppendW.SHLWAPI(00000000,00000000,?,00000000,?,00F8BBAC,net.dll,77E44823,?,00000000,?,?), ref: 00F8AD7C
                                                              • PathFileExistsW.KERNELBASE(000000FF), ref: 00F8A2CA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Path$ExistsFile$Append
                                                              • String ID: #Hw/$.txt
                                                              • API String ID: 2939945434-752427987
                                                              APIs
                                                              • UnregisterClassW.USER32(?), ref: 00F86AC3
                                                              • DeleteCriticalSection.KERNEL32(00FCC684), ref: 00F86B06
                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 00F86B25
                                                              • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00F86B3B
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocateClassCriticalDeleteExceptionHeapRaiseSectionUnregister
                                                              • String ID:
                                                              • API String ID: 320906898-0
                                                              APIs
                                                              • UnregisterClassW.USER32(?), ref: 6F831453
                                                              • DeleteCriticalSection.KERNEL32(6F86A5A4), ref: 6F831496
                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 6F8314B5
                                                              • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 6F8314CB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocateClassCriticalDeleteExceptionHeapRaiseSectionUnregister
                                                              • String ID:
                                                              • API String ID: 320906898-0
                                                              APIs
                                                              • RegSetValueExW.KERNELBASE(?,00F88FF8,00000000,00000004,00000000,00000004,?,80000001,00000000), ref: 00F8CBD9
                                                              • RegCloseKey.ADVAPI32(?,?,80000001,00000000), ref: 00F8CBED
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CloseValue
                                                              • String ID: #Hw/
                                                              • API String ID: 3132538880-1770964375
                                                              APIs
                                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,00000000,?,77E44823), ref: 00F8D173
                                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,?,?,00000000,00000000,00000000,?,77E44823), ref: 00F8D1DA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: QueryValue
                                                              • String ID: #Hw/
                                                              • API String ID: 3660427363-1770964375
                                                              APIs
                                                              • GetProcessHeap.KERNEL32(00000008,00000008,?,00F92885,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA171C
                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA1723
                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA1768
                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA176F
                                                                • Part of subcall function 00FA15D4: GetProcessHeap.KERNEL32(00000000,0000000D,00000000,00000000,00FA175E,?,?,?,?,?,?,?,?,?,?), ref: 00FA15F7
                                                                • Part of subcall function 00FA15D4: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA15FE
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Heap$Process$Alloc$Free
                                                              • String ID:
                                                              • API String ID: 1864747095-0
                                                              APIs
                                                                • Part of subcall function 6F834D70: LoadLibraryW.KERNEL32(Shcore.dll,?,6F839E4A,6EB740BD), ref: 6F834D76
                                                                • Part of subcall function 6F834D70: GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 6F834D88
                                                                • Part of subcall function 6F834D70: FreeLibrary.KERNEL32(00000000,?,6F839E4A,6EB740BD), ref: 6F834D9E
                                                                • Part of subcall function 6F834D70: LoadLibraryW.KERNEL32(user32.dll,?,6F839E4A,6EB740BD), ref: 6F834DA9
                                                                • Part of subcall function 6F834D70: GetProcAddress.KERNEL32(00000000,SetProcessDPIAware), ref: 6F834DBB
                                                                • Part of subcall function 6F834D70: FreeLibrary.KERNEL32(00000000,?,6F839E4A,6EB740BD), ref: 6F834DC8
                                                                • Part of subcall function 6F840FB0: DeleteObject.GDI32(6EB740BD), ref: 6F840FD0
                                                                • Part of subcall function 6F840FB0: GetSystemMetrics.USER32 ref: 6F841008
                                                                • Part of subcall function 6F840FB0: GetSystemMetrics.USER32(0000004D), ref: 6F84100E
                                                                • Part of subcall function 6F840FB0: GetSystemMetrics.USER32(0000004E), ref: 6F841015
                                                                • Part of subcall function 6F840FB0: GetSystemMetrics.USER32(0000004C), ref: 6F84101B
                                                                • Part of subcall function 6F840FB0: GetSystemMetrics.USER32(0000004D), ref: 6F841022
                                                                • Part of subcall function 6F840FB0: GetSystemMetrics.USER32(0000004C), ref: 6F841027
                                                                • Part of subcall function 6F840FB0: SetRect.USER32(00000000,00000000), ref: 6F84102F
                                                                • Part of subcall function 6F840FB0: GetWindowDC.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6F836FC5), ref: 6F841037
                                                                • Part of subcall function 6F840FB0: GetDeviceCaps.GDI32(00000000,0000000C), ref: 6F841042
                                                                • Part of subcall function 6F840FB0: ReleaseDC.USER32(00000000,00000000), ref: 6F84104D
                                                                • Part of subcall function 6F840FB0: CreateBitmap.GDI32(?,00000000,00000001,00000000,00000000), ref: 6F84106A
                                                              • InitCommonControlsEx.COMCTL32(?,?,?,?,?,?,6F836FC5), ref: 6F839E66
                                                              • GdiplusStartup.GDIPLUS(6F86A4C0,6F86A4B0,00000000,?,?,?,?,?,6F836FC5), ref: 6F839E78
                                                              • new.LIBCMT ref: 6F839E83
                                                                • Part of subcall function 6F83A660: GdipCreateSolidFill.GDIPLUS(?,?,C8000000,?), ref: 6F83A752
                                                                • Part of subcall function 6F83A660: GdipCreateStringFormat.GDIPLUS(00000000,00000000,00000120,?,6EB740BD), ref: 6F83A78C
                                                                • Part of subcall function 6F83A660: GdipCreateSolidFill.GDIPLUS(FFDEDEDE,00000000), ref: 6F83A7B9
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$CreateLibrary$Gdip$AddressFillFreeLoadProcSolid$BitmapCapsCommonControlsDeleteDeviceFormatGdiplusInitObjectRectReleaseStartupStringWindow
                                                              • String ID:
                                                              • API String ID: 709846160-0
                                                              APIs
                                                                • Part of subcall function 00F8D130: RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,00000000,?,77E44823), ref: 00F8D173
                                                                • Part of subcall function 00F8D130: RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,?,?,00000000,00000000,00000000,?,77E44823), ref: 00F8D1DA
                                                              • RegSetValueExW.KERNELBASE(?,00000010,00000000,00000000,00000000,00000000), ref: 00F8D2CD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Value$Query
                                                              • String ID: #Hw/
                                                              • API String ID: 4255345937-1770964375
                                                              APIs
                                                              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F9FD96
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: IconNotifyShell_
                                                              • String ID: #Hw/
                                                              • API String ID: 1144537725-1770964375
                                                              APIs
                                                              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F9FE3D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: IconNotifyShell_
                                                              • String ID: #Hw/
                                                              • API String ID: 1144537725-1770964375
                                                              APIs
                                                              • WideCharToMultiByte.KERNELBASE(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,00F8F12F,?), ref: 00F8F1FE
                                                              • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,-00000001,00000000,00000000,?,?,?,?,00F8F12F,?), ref: 00F8F234
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWide
                                                              • String ID:
                                                              • API String ID: 626452242-0
                                                              APIs
                                                              • CreateWindowExW.USER32(00000000,00000000,80000000,?,00FCA810,80000000,00000000,00000000,00000000,?,00000000,?), ref: 00FA0016
                                                                • Part of subcall function 00FA1717: GetProcessHeap.KERNEL32(00000008,00000008,?,00F92885,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA171C
                                                                • Part of subcall function 00FA1717: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA1723
                                                              • SetLastError.KERNEL32(0000000E,?,?,?,00F9FB5F,?,00000000,?,80000000,00000000,00000000,?,0000014C,75C0F550), ref: 00F9FF9B
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Heap$AllocCreateErrorLastProcessWindow
                                                              • String ID:
                                                              • API String ID: 3278478225-0
                                                              APIs
                                                              • RegCreateKeyExW.KERNELBASE(80000001,?,00000000,00000000,00000000,0002001F,00000000,00000000,80000001,?,80000001), ref: 00F8BF12
                                                              • RegCloseKey.ADVAPI32(00000000,?,80000001), ref: 00F8BF25
                                                                • Part of subcall function 00F8BE20: GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,00F8BEFD,80000001,?,?,?,00000000,80000001,?,80000001), ref: 00F8BE30
                                                                • Part of subcall function 00F8BE20: GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 00F8BE40
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressCloseCreateHandleModuleProc
                                                              • String ID:
                                                              • API String ID: 1765684683-0
                                                              APIs
                                                              • GdipAlloc.GDIPLUS(00000010,?,0000005C,00000000,?,6F83865F), ref: 6F83843A
                                                              • GdipCreateBitmapFromStream.GDIPLUS(00000000,6F83865F), ref: 6F838458
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$AllocBitmapCreateFromStream
                                                              • String ID:
                                                              • API String ID: 1915507550-0
                                                              APIs
                                                              • SetWindowLongW.USER32(?,000000FC,00000000), ref: 00F9FF5F
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: LongWindow
                                                              • String ID:
                                                              • API String ID: 1378638983-0
                                                              APIs
                                                                • Part of subcall function 6CF399CD: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6CF3AC33,00000001,00000364,?,6CF38308,?,00000004,00000001,?,?,?,6CF39546), ref: 6CF39A0E
                                                              • _free.LIBCMT ref: 6CF3F78D
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap_free
                                                              • String ID:
                                                              • API String ID: 614378929-0
                                                              APIs
                                                                • Part of subcall function 00FAC751: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00FAD030,00000001,00000364,?,00FA2ED1,00F812B3,00F812B1,?,00F812B1,?,00FA0201,00FA030B), ref: 00FAC792
                                                              • _free.LIBCMT ref: 00FAF920
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap_free
                                                              • String ID:
                                                              • API String ID: 614378929-0
                                                              APIs
                                                              • RegQueryValueExW.KERNELBASE(00000010,00000010,00000000,?,?,00F8C28F,00000000,00000010,?,00F8C28F,?,00000010,?), ref: 00F8C028
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: QueryValue
                                                              • String ID:
                                                              • API String ID: 3660427363-0
                                                              APIs
                                                                • Part of subcall function 6F836080: CreatePen.GDI32(00000002,00000001,00000000), ref: 6F836101
                                                                • Part of subcall function 6F836080: GetDC.USER32(00000000), ref: 6F836111
                                                                • Part of subcall function 6F836080: GetDeviceCaps.GDI32(00000000,00000058), ref: 6F836126
                                                                • Part of subcall function 6F836080: GetDeviceCaps.GDI32(00000000,0000005A), ref: 6F83612E
                                                                • Part of subcall function 6F836080: ReleaseDC.USER32(00000000,00000000), ref: 6F836133
                                                                • Part of subcall function 6F836080: MulDiv.KERNEL32(00000004,00000060,00000060), ref: 6F836141
                                                              • GdipCreatePen1.GDIPLUS(FF000000,?,00000000,00000358,?,?,?,?,?), ref: 6F83782F
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CapsCreateDevice$GdipPen1Release
                                                              • String ID:
                                                              • API String ID: 3654138211-0
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6CF3AC33,00000001,00000364,?,6CF38308,?,00000004,00000001,?,?,?,6CF39546), ref: 6CF39A0E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00FAD030,00000001,00000364,?,00FA2ED1,00F812B3,00F812B1,?,00F812B1,?,00FA0201,00FA030B), ref: 00FAC792
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              APIs
                                                              • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00F8725B
                                                                • Part of subcall function 00F87210: GetLastError.KERNEL32(00F8726A,?,?,?,?,00000000), ref: 00F87210
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorFileLastRead
                                                              • String ID:
                                                              • API String ID: 1948546556-0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(?,00000000,?), ref: 00F86B60
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID:
                                                              • API String ID: 3298025750-0
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 6F8314CB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00F86B3B
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CommonControlsGdiplusInitStartup
                                                              • String ID:
                                                              • API String ID: 3210526527-0
                                                              APIs
                                                              • SendMessageW.USER32(?,00000411,00000000,?), ref: 6F83F04F
                                                              • IsWindow.USER32(?), ref: 6F83F074
                                                              • IsWindow.USER32(?), ref: 6F83F080
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83F094
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83F09E
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83F0A8
                                                              • IsRectEmpty.USER32(?), ref: 6F83F11F
                                                              • InflateRect.USER32(?,00000064,00000064), ref: 6F83F136
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83F146
                                                              • PtInRect.USER32(?,?,?), ref: 6F83F17C
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Rect$Show$EmptyInflateInvalidateMessageSend
                                                              • String ID:
                                                              • API String ID: 3718063852-0
                                                              APIs
                                                                • Part of subcall function 6F811670: CreateDXGIFactory1.DXGI(6F822B78,00000000,7430BAFA), ref: 6F8116B4
                                                              • D3D11CreateDevice.D3D11(?,00000000,00000000,00000000,?,00000004,00000007,00000000,?,00000000,7430BAFA), ref: 6F811E37
                                                              • CopyRect.USER32(?,?), ref: 6F812041
                                                              • GetWindowDC.USER32(00000000,?,?), ref: 6F812058
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F812068
                                                              • SelectObject.GDI32(00000000,00000000), ref: 6F812073
                                                              • BitBlt.GDI32(6F8122C3,?,000000FF,?,?,00000000,00000000,00000000,40CC0020), ref: 6F8120AD
                                                              • SelectObject.GDI32(00000000,?), ref: 6F8120EE
                                                              • DeleteDC.GDI32(00000000), ref: 6F8120FC
                                                              • ReleaseDC.USER32(00000000,?), ref: 6F812111
                                                              • DeleteObject.GDI32(00000000), ref: 6F81211C
                                                              • EqualRgn.GDI32(00000000), ref: 6F8122E6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateObject$DeleteSelect$CompatibleCopyDeviceEqualFactory1RectReleaseWindow
                                                              • String ID: 0D,k$l)u
                                                              • API String ID: 1238518599-3111322934
                                                              APIs
                                                              • MessageBeep.USER32(00000010), ref: 6F83CBA0
                                                                • Part of subcall function 6F83BF50: IsWindow.USER32(?), ref: 6F83BFD3
                                                                • Part of subcall function 6F83BF50: RedrawWindow.USER32(?,00000000,00000000,000001A1), ref: 6F83BFEC
                                                              • OpenClipboard.USER32(00000002), ref: 6F83CAAF
                                                              • EmptyClipboard.USER32 ref: 6F83CABD
                                                                • Part of subcall function 6F83BBF0: IsRectEmpty.USER32(?), ref: 6F83BC45
                                                              • SetClipboardData.USER32(00000002,00000000), ref: 6F83CAD2
                                                              • CloseClipboard.USER32 ref: 6F83CAD8
                                                              • EndDialog.USER32(FFFFFFFF,00000000), ref: 6F83CB87
                                                              Strings
                                                              • [[screenshot_plugin.screenshot_copied_to_clipboard]], xrefs: 6F83CB4F
                                                              • ShowBubbles, xrefs: 6F83CAF8
                                                              • Screenshot copied to clipboard, xrefs: 6F83CB3E
                                                              • Lightshot, xrefs: 6F83CB6A
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Clipboard$EmptyWindow$BeepCloseDataDialogMessageOpenRectRedraw
                                                              • String ID: Lightshot$Screenshot copied to clipboard$ShowBubbles$[[screenshot_plugin.screenshot_copied_to_clipboard]]
                                                              • API String ID: 2290979004-1321909856
                                                              APIs
                                                              • PathFileExistsW.SHLWAPI(00000000,77E44823,?,00000000), ref: 00F8E1DE
                                                              • PathIsDirectoryW.SHLWAPI(00000000), ref: 00F8E1F2
                                                              • FindFirstFileW.KERNEL32(00000000,?,?,?,00000000), ref: 00F8E232
                                                              • FindNextFileW.KERNEL32(00000000,?,?,?,00000000), ref: 00F8E369
                                                              • FindClose.KERNEL32(00000000,?,?,00000000), ref: 00F8E378
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FileFind$Path$CloseDirectoryExistsFirstNext
                                                              • String ID: #Hw$#Hw/$*.*
                                                              • API String ID: 2625151124-3019169863
                                                              APIs
                                                              • OpenClipboard.USER32(00000000), ref: 6CF28891
                                                              • EmptyClipboard.USER32 ref: 6CF288A2
                                                              • GlobalAlloc.KERNEL32(00000002,?), ref: 6CF288BA
                                                              • GlobalLock.KERNEL32(00000000), ref: 6CF288C3
                                                              • GlobalUnlock.KERNEL32(00000000), ref: 6CF2892F
                                                              • SetClipboardData.USER32(00000001,00000000), ref: 6CF28938
                                                              • CloseClipboard.USER32 ref: 6CF2893E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                              • String ID:
                                                              • API String ID: 1677084743-0
                                                              APIs
                                                              • GetAsyncKeyState.USER32(00000011), ref: 00F932DB
                                                              • GetAsyncKeyState.USER32(00000010), ref: 00F932EC
                                                              • GetAsyncKeyState.USER32(00000012), ref: 00F932FD
                                                              • GetAsyncKeyState.USER32(0000005B), ref: 00F9330E
                                                              • GetAsyncKeyState.USER32(0000005C), ref: 00F93320
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F9337C
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AsyncState$TextWindow
                                                              • String ID:
                                                              • API String ID: 1321822843-0
                                                              APIs
                                                              • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 6CF24F3B
                                                              • CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,?), ref: 6CF24F56
                                                              • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 6CF24F69
                                                              • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000,?,?,00000000), ref: 6CF24F8A
                                                              • CryptDestroyHash.ADVAPI32(?,?,?,00000000), ref: 6CF24F95
                                                              • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CF24FA0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Crypt$Hash$Context$AcquireCreateDataDestroyParamRelease
                                                              • String ID:
                                                              • API String ID: 3186506766-0
                                                              • Opcode ID: 1e540d3bed4d583f01ac780e9b457e4f0e370626f4f589a611aa7b74c839c345
                                                              • Instruction ID: 19c26603334e8694dd4a75b8e239bd16cc947d9d8b2f1d421a1dac6082e83d30
                                                              • Opcode Fuzzy Hash: 1e540d3bed4d583f01ac780e9b457e4f0e370626f4f589a611aa7b74c839c345
                                                              • Instruction Fuzzy Hash: ED118075F41218BBEF315B94CC0AF9DBB78EB44B46F204060BE04F6291D7B19E509B90
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(0000000C,6F847E41,00000000,00000000,6F847FB9,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F0A
                                                              • GetProcessHeap.KERNEL32(00000000,00000008,00000000,00000000,0000000C,6F847E41,00000000,00000000,6F847FB9,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8), ref: 6F847F2F
                                                              • HeapAlloc.KERNEL32(00000000,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F36
                                                              • InitializeSListHead.KERNEL32(00000000,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F43
                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F58
                                                              • HeapFree.KERNEL32(00000000,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F5F
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                              • String ID:
                                                              • API String ID: 1475849761-0
                                                              • Opcode ID: d0eff55864a30da10bdb247bf66dc3624a53289a888aed42c5df0d9bd23f7ee3
                                                              • Instruction ID: cdba268c086876291fee91e4fbe7db4036377a7f022577d47729c74a94be0fca
                                                              • Opcode Fuzzy Hash: d0eff55864a30da10bdb247bf66dc3624a53289a888aed42c5df0d9bd23f7ee3
                                                              • Instruction Fuzzy Hash: E1F06271644A059BDF909F798C08B6A76FCAFA6B26F0008A9E951D7380FF34D421C6A0
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(0000000C,6CF32636,00000000,00000000,6CF327AE,?,?,?,?,?,?,6CF28B92), ref: 6CF326FF
                                                              • GetProcessHeap.KERNEL32(00000000,00000008,00000000,00000000,0000000C,6CF32636,00000000,00000000,6CF327AE,?,?,?,?,?,?,6CF28B92), ref: 6CF32724
                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,6CF28B92), ref: 6CF3272B
                                                              • InitializeSListHead.KERNEL32(00000000,?,?,?,?,?,6CF28B92), ref: 6CF32738
                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,6CF28B92), ref: 6CF3274D
                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,6CF28B92), ref: 6CF32754
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                              • String ID:
                                                              • API String ID: 1475849761-0
                                                              • Opcode ID: cd49113aa2048dfd0432f7f19e84b6683d9962102232a9cd7f43034237a6ac82
                                                              • Instruction ID: 2cd42017f5a6f160fa854ebbd9b05a25c317a79dd8bc1e66ced517cdf5dd8b16
                                                              • Opcode Fuzzy Hash: cd49113aa2048dfd0432f7f19e84b6683d9962102232a9cd7f43034237a6ac82
                                                              • Instruction Fuzzy Hash: DEF0AF71B21A11ABDF40AB39880CB0777B8BBA6A1EF114429FA46C3243DB31C4058690
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(0000000C,00FA15E6,00000000,00000000,00FA175E,?,?,?,?,?,?,?,?,?,?), ref: 00FA16AF
                                                              • GetProcessHeap.KERNEL32(00000000,00000008,00000000,00000000,0000000C,00FA15E6,00000000,00000000,00FA175E,?), ref: 00FA16D4
                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA16DB
                                                              • InitializeSListHead.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA16E8
                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA16FD
                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA1704
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                              • String ID:
                                                              • API String ID: 1475849761-0
                                                              • Opcode ID: d1e56f18622c2c716a3f994642a0a37a2a9db64beffb6fff63fe40842f955d67
                                                              • Instruction ID: 2cffc2516b9e16e6810d2108632a1e40c21b22ad48ed8ffb3556a80585623059
                                                              • Opcode Fuzzy Hash: d1e56f18622c2c716a3f994642a0a37a2a9db64beffb6fff63fe40842f955d67
                                                              • Instruction Fuzzy Hash: 56F0F0B5A012019BD7619F7DECC9B0777E8BF95722F050429F942D3210DB34C800AE61
                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF270F1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: ====$VUUU$VUUU
                                                              • API String ID: 885266447-4289851811
                                                              • Opcode ID: 526f35652ef0258bacf3714855a08322e80c3e9425d407c0105de2c24bce144f
                                                              • Instruction ID: 2c7236398302bd8327ca1b24aa55025bfbcd0b118f6d326ce27bce9b8d78732f
                                                              • Opcode Fuzzy Hash: 526f35652ef0258bacf3714855a08322e80c3e9425d407c0105de2c24bce144f
                                                              • Instruction Fuzzy Hash: A6716F72B0025A4BC71C8DEDC8A02ADBBA1EF84214F14827FE956DB781DA399E05C790
                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F8E761
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: ====$VUUU$VUUU
                                                              • API String ID: 885266447-4289851811
                                                              • Opcode ID: 84427d2b90346d7f5d5d8a92e2d45eac113c0c66f5dcb02ceff8123a690b9158
                                                              • Instruction ID: 943066622ca82e3348b8a66d0d06f8d99d7be6ae313a00982f944fd511165735
                                                              • Opcode Fuzzy Hash: 84427d2b90346d7f5d5d8a92e2d45eac113c0c66f5dcb02ceff8123a690b9158
                                                              • Instruction Fuzzy Hash: 57715C72F0025A4BCB1C9E6C88A12FDBBE6EBC5310B18427EE956DB381DA749E05D750
                                                              APIs
                                                                • Part of subcall function 6CF279F0: CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000000,?,?,6CF27707,?,?,?,00000000,?), ref: 6CF27A5E
                                                              • CryptSetKeyParam.ADVAPI32(?,00000001,?,00000000,?,?,?,00000000,?), ref: 6CF27719
                                                              • CryptSetKeyParam.ADVAPI32(?,00000004,?,00000000,?,00000000,?,?,?,00000000,?), ref: 6CF27736
                                                                • Part of subcall function 6CF21A30: GetLastError.KERNEL32(6CF27031), ref: 6CF21A30
                                                              • CryptDestroyKey.ADVAPI32(?,?,?,?,00000000,?), ref: 6CF27765
                                                              • CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,00000000,?), ref: 6CF2777C
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Crypt$ContextParam$AcquireDestroyErrorLastRelease
                                                              • String ID:
                                                              • API String ID: 1053274798-0
                                                              • Opcode ID: a38df9707a4639cfc1ab3259a00bc4bfe506f5e5a7da2ca6b72128ce7c33e5a9
                                                              • Instruction ID: 7f3f3fc13373a81a07572afb331ab8e8af47f91a588a746547e100fdf9b303b2
                                                              • Opcode Fuzzy Hash: a38df9707a4639cfc1ab3259a00bc4bfe506f5e5a7da2ca6b72128ce7c33e5a9
                                                              • Instruction Fuzzy Hash: 08310671E11209AFDF10DFE9C981BEEBBF8AF08214F10416AE905F2640E7759A049BA5
                                                              APIs
                                                                • Part of subcall function 6CF279F0: CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000000,?,?,6CF27707,?,?,?,00000000,?), ref: 6CF27A5E
                                                              • CryptSetKeyParam.ADVAPI32(?,00000001,?,00000000,?,?,?), ref: 6CF27809
                                                              • CryptSetKeyParam.ADVAPI32(?,00000004,?,00000000,?,00000000,?,?,?), ref: 6CF27826
                                                                • Part of subcall function 6CF21A30: GetLastError.KERNEL32(6CF27031), ref: 6CF21A30
                                                              • CryptDestroyKey.ADVAPI32(?,?,?,?), ref: 6CF27855
                                                              • CryptReleaseContext.ADVAPI32(?,00000000,?,?,?), ref: 6CF2786C
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Crypt$ContextParam$AcquireDestroyErrorLastRelease
                                                              • String ID:
                                                              • API String ID: 1053274798-0
                                                              • Opcode ID: 8b20716bc5f1f0519742c1e83277c62723dd293c53bf3d654467a7f498489de7
                                                              • Instruction ID: 7423449bb35eb5bae38eecac52edd8861987b60826c63f53134ba8f947a0e48d
                                                              • Opcode Fuzzy Hash: 8b20716bc5f1f0519742c1e83277c62723dd293c53bf3d654467a7f498489de7
                                                              • Instruction Fuzzy Hash: 4A310871E11209AFDF10DFE9C981BDEBBF8EF08214F10416AE905F2640EB759A04CBA5
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(?,?,6F815CD7,?,6F823680,0000000C,6F815E0A,00000000,00000000,00000001,6F812BAE,6F8234C8,0000000C,6F812A57,?), ref: 6F815D22
                                                              • TerminateProcess.KERNEL32(00000000,?,6F815CD7,?,6F823680,0000000C,6F815E0A,00000000,00000000,00000001,6F812BAE,6F8234C8,0000000C,6F812A57,?), ref: 6F815D29
                                                              • ExitProcess.KERNEL32 ref: 6F815D3B
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Process$CurrentExitTerminate
                                                              • String ID:
                                                              • API String ID: 1703294689-0
                                                              • Opcode ID: 9ddce732abf0df1b04205ca59ff6cf5845043a9b3586c462f7a49aadba5d5542
                                                              • Instruction ID: 71ca7bb929085c6d19f44718615c39157768e8a1aa6afff49ea5f3e319955476
                                                              • Opcode Fuzzy Hash: 9ddce732abf0df1b04205ca59ff6cf5845043a9b3586c462f7a49aadba5d5542
                                                              • Instruction Fuzzy Hash: B9E0BF3100464EAFCF05EF68C90EA483B69FF45355B004AE4F81A4E561CB39E952CB90
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(00000000,?,6F84D977,00000000,6F865CB8,0000000C,6F84DABF,00000000,00000002,00000000), ref: 6F84D9C2
                                                              • TerminateProcess.KERNEL32(00000000,?,6F84D977,00000000,6F865CB8,0000000C,6F84DABF,00000000,00000002,00000000), ref: 6F84D9C9
                                                              • ExitProcess.KERNEL32 ref: 6F84D9DB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Process$CurrentExitTerminate
                                                              • String ID:
                                                              • API String ID: 1703294689-0
                                                              • Opcode ID: 4e663da67e9341339451ef6387f67a84356811032b7e0b24e72539f5474415f5
                                                              • Instruction ID: 0ebcdd6fe351fa55facdaf5a21fc79a9c1275e0cfbeb0b5effca8f7ca7680e8b
                                                              • Opcode Fuzzy Hash: 4e663da67e9341339451ef6387f67a84356811032b7e0b24e72539f5474415f5
                                                              • Instruction Fuzzy Hash: BDE0B632045608ABCF82AF54C948A893F6AEF51759B004896F8069F161CB39E962CB90
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(?,?,6CF38C31,?,6CF501A0,0000000C,6CF38D64,00000000,00000000,00000001,6CF31D51,6CF4FF70,0000000C,6CF31BFA,?), ref: 6CF38C7C
                                                              • TerminateProcess.KERNEL32(00000000,?,6CF38C31,?,6CF501A0,0000000C,6CF38D64,00000000,00000000,00000001,6CF31D51,6CF4FF70,0000000C,6CF31BFA,?), ref: 6CF38C83
                                                              • ExitProcess.KERNEL32 ref: 6CF38C95
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Process$CurrentExitTerminate
                                                              • String ID:
                                                              • API String ID: 1703294689-0
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(00000003,?,00FAB73A,00000003,00FC7E08,0000000C,00FAB84D,00000003,00000002,00000000,?,00FAC66E,00000003), ref: 00FAB785
                                                              • TerminateProcess.KERNEL32(00000000,?,00FAB73A,00000003,00FC7E08,0000000C,00FAB84D,00000003,00000002,00000000,?,00FAC66E,00000003), ref: 00FAB78C
                                                              • ExitProcess.KERNEL32 ref: 00FAB79E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Process$CurrentExitTerminate
                                                              • String ID:
                                                              • API String ID: 1703294689-0
                                                              APIs
                                                              • GetVersionExW.KERNEL32(00000114), ref: 00F90351
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Version
                                                              • String ID: #Hw/
                                                              • API String ID: 1889659487-1770964375
                                                              APIs
                                                              • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000000,?,?,6CF27707,?,?,?,00000000,?), ref: 6CF27A5E
                                                              • CryptImportKey.ADVAPI32(?,?,0000001C,00000000,00000000,?,?,6CF27707,?,?,?,00000000,?), ref: 6CF27A89
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Crypt$AcquireContextImport
                                                              • String ID:
                                                              • API String ID: 193843291-0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: __onexit
                                                              • String ID: #Hw/$true
                                                              • API String ID: 1448380652-1408953880
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: __onexit
                                                              • String ID: #Hw/$null
                                                              • API String ID: 1448380652-2345492186
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: __onexit
                                                              • String ID: #Hw/$false
                                                              • API String ID: 1448380652-2869299545
                                                              APIs
                                                              • CryptEncrypt.ADVAPI32(?,00000001,00000000,?,6CF26DE6,?,6CF26DE6,00000000,?), ref: 6CF27022
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CryptEncrypt
                                                              • String ID:
                                                              • API String ID: 1352496322-0
                                                              APIs
                                                              • CryptEncrypt.ADVAPI32(00000000,00000001,00000000,?,00000000,?), ref: 00F8E692
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CryptEncrypt
                                                              • String ID:
                                                              • API String ID: 1352496322-0
                                                              APIs
                                                              • CryptDecrypt.ADVAPI32(?,00000001,00000000,?,?), ref: 6CF270A0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CryptDecrypt
                                                              • String ID:
                                                              • API String ID: 2620231605-0
                                                              APIs
                                                              • CryptDecrypt.ADVAPI32(?,00000001,00000000,?,?), ref: 00F8E710
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CryptDecrypt
                                                              • String ID:
                                                              • API String ID: 2620231605-0
                                                              APIs
                                                              • CryptDestroyKey.ADVAPI32(00000000), ref: 6CF459DA
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CryptDestroy
                                                              • String ID:
                                                              • API String ID: 1712904745-0
                                                              APIs
                                                              • CryptDestroyHash.ADVAPI32(00000000), ref: 6CF459BA
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CryptDestroyHash
                                                              • String ID:
                                                              • API String ID: 174375392-0
                                                              APIs
                                                              • CryptDestroyHash.ADVAPI32(00000000), ref: 00FB96FA
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CryptDestroyHash
                                                              • String ID:
                                                              • API String ID: 174375392-0
                                                              • Opcode ID: 9bc48138ae31122fa27d7277d1d89903854d99ba80cd2bf5b3a99c224c8a7edf
                                                              • Instruction ID: 69f51508f5be0ddee538087b2bfbb8b9a9057a19767aeae942979532b9cd3439
                                                              • Opcode Fuzzy Hash: 9bc48138ae31122fa27d7277d1d89903854d99ba80cd2bf5b3a99c224c8a7edf
                                                              • Instruction Fuzzy Hash: F1B092B4E04208AFDB009F32EE8DB4236E8B704B99F805248E40DC3260CB79C408FF50
                                                              APIs
                                                              • CryptDestroyKey.ADVAPI32(00000000), ref: 00FB971A
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CryptDestroy
                                                              • String ID:
                                                              • API String ID: 1712904745-0
                                                              • Opcode ID: 4538fa344242b12426634abd3ab7d1e9b7e77f2d3d91a21f6db4b0efeb2700b7
                                                              • Instruction ID: a25a9a7a4cab12b5df01bb2149bee026308a1b7d18f27843790cf3d72ed91b51
                                                              • Opcode Fuzzy Hash: 4538fa344242b12426634abd3ab7d1e9b7e77f2d3d91a21f6db4b0efeb2700b7
                                                              • Instruction Fuzzy Hash: 4EB092F46142488BDB10AF22EE99B813AA8B705781F805106E849C31A0DB78C402FE64
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 39d225cad88bd8d1b0df412474b4fa8651da73a150f0d2ba57330a5adffd502a
                                                              • Instruction ID: 076cad6260cf66b33c77c3009694193ee2ea294d0f0a2df9631de4d67844c969
                                                              • Opcode Fuzzy Hash: 39d225cad88bd8d1b0df412474b4fa8651da73a150f0d2ba57330a5adffd502a
                                                              • Instruction Fuzzy Hash: 4BF012325049459FD705CF69C844F15F7E8FB4A624F1087AAE819C7794DB35E8008A90
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8af8160eacc86dd41f66d8b69cac2ca212d86ab41bb35cd8e07ad4ecc62d994e
                                                              • Instruction ID: b4460a154cae8b9ab15462f5ccef28f9a226ef91f320446d11f3a26f6ea1b446
                                                              • Opcode Fuzzy Hash: 8af8160eacc86dd41f66d8b69cac2ca212d86ab41bb35cd8e07ad4ecc62d994e
                                                              • Instruction Fuzzy Hash: 5EF012366049499FD705CF69C844B56F7F8FB49620F10C769E815C7B94DB35D8048A94
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Equal
                                                              • String ID:
                                                              • API String ID: 4016716531-0
                                                              • Opcode ID: 5a96c3d551941f0d23af66e1338f89a9cb294a5897b7d0f460148ad6200156c2
                                                              • Instruction ID: 6a7b9a823567e494488f48ce8427b9699b4e43e975d1768e7fcc93fb13fe87cc
                                                              • Opcode Fuzzy Hash: 5a96c3d551941f0d23af66e1338f89a9cb294a5897b7d0f460148ad6200156c2
                                                              • Instruction Fuzzy Hash: E7F0A072D08648EBCB01CF1CC901B59FBA8E709720F0087AAEC158B741EB3566608690
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6eec8e39e99a2d061ce0ac77167486fb76580342338455c81d39654965aaa4c5
                                                              • Instruction ID: 672e0094f0074e35caacc6cba938af1e037fa43ed629ccc52a34e5f114b70b9f
                                                              • Opcode Fuzzy Hash: 6eec8e39e99a2d061ce0ac77167486fb76580342338455c81d39654965aaa4c5
                                                              • Instruction Fuzzy Hash: 1DE01275649648DFCB14CF58D840F55B7E8FB09A20F104BAEA815CBB50DB35A800CA90
                                                              APIs
                                                              • GetDlgItem.USER32(?,00000002), ref: 6CF29304
                                                              • GetDC.USER32(00000000), ref: 6CF2930E
                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 6CF29323
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 6CF2932B
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6CF29335
                                                              • MulDiv.KERNEL32(00000016,00000060,00000060), ref: 6CF29346
                                                              • MulDiv.KERNEL32(00000046,00000060,00000060), ref: 6CF29352
                                                              • MulDiv.KERNEL32(0000000A,?,00000060), ref: 6CF2935D
                                                              • MoveWindow.USER32(00000000,00000000,00000000,00000000,?,00000001), ref: 6CF29378
                                                              • SetWindowTextW.USER32(00000000,00000000), ref: 6CF293B5
                                                              • GetDlgItem.USER32(?,000003E9), ref: 6CF293E1
                                                              • MulDiv.KERNEL32(00000016,?,00000060), ref: 6CF293F6
                                                              • MulDiv.KERNEL32(000000FA,00000060,00000060), ref: 6CF29405
                                                              • MulDiv.KERNEL32(0000000A,?,00000060), ref: 6CF29410
                                                              • MoveWindow.USER32(00000000,00000000,00000000,00000000,?,00000001), ref: 6CF2942B
                                                              • GetDlgItem.USER32(?,000003EB), ref: 6CF2943C
                                                              • ShowWindow.USER32(00000000,00000000), ref: 6CF29447
                                                              • MulDiv.KERNEL32(00000016,?,00000060), ref: 6CF2945A
                                                              • MulDiv.KERNEL32(00000050,00000060,00000060), ref: 6CF29466
                                                              • MulDiv.KERNEL32(0000000A,?,00000060), ref: 6CF29471
                                                              • MoveWindow.USER32(00000000,00000000,00000000,00000000,?,00000001), ref: 6CF2948C
                                                              • SetWindowTextW.USER32(00000000,00000000), ref: 6CF294C9
                                                              • GetDlgItem.USER32(?,000003EA), ref: 6CF294F5
                                                              • ShowWindow.USER32(00000000,00000000), ref: 6CF29500
                                                              • MulDiv.KERNEL32(00000016,?,00000060), ref: 6CF29513
                                                              • MulDiv.KERNEL32(000000A0,00000060,00000060), ref: 6CF29522
                                                              • MulDiv.KERNEL32(0000000A,?,00000060), ref: 6CF2952D
                                                              • MoveWindow.USER32(00000000,00000000,00000000,00000000,?,00000001), ref: 6CF2954B
                                                              • GetDlgItem.USER32(?,000003EC), ref: 6CF2955C
                                                              • ShowWindow.USER32(00000000,00000000), ref: 6CF29567
                                                              • MulDiv.KERNEL32(00000016,?,00000060), ref: 6CF2957A
                                                              • MulDiv.KERNEL32(00000046,00000060,00000060), ref: 6CF29586
                                                              • MulDiv.KERNEL32(0000000A,?,00000060), ref: 6CF29591
                                                              • MoveWindow.USER32(00000000,00000000,00000000,00000000,?,00000001), ref: 6CF295AC
                                                              • SetWindowTextW.USER32(00000000,00000000), ref: 6CF295E9
                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 6CF29630
                                                              • GetSystemMetrics.USER32(00000004), ref: 6CF29650
                                                              • MulDiv.KERNEL32(00000168,00000060,00000060), ref: 6CF29664
                                                              • MulDiv.KERNEL32(00000030,?,00000060), ref: 6CF29670
                                                              • GetSystemMetrics.USER32(00000021), ref: 6CF29677
                                                              • GetSystemMetrics.USER32(00000021), ref: 6CF2967D
                                                              • MoveWindow.USER32(?,?,?,?,74DF2D30,00000001), ref: 6CF2969C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Move$Item$System$MetricsShowText$CapsDevice$InfoParametersRelease
                                                              • String ID: Cancel$Copy$Open$[[screenshot_plugin.cancel]]$[[screenshot_plugin.copy]]$[[screenshot_plugin.open]]$`
                                                              • API String ID: 2998791149-1123019899
                                                              • Opcode ID: 1d7198e810525cb517bb0f919bd659d93bac3fae939553c2bdd130ef7432ec78
                                                              • Instruction ID: a27d36e7b00323789e742d14e5ec7d456dc9b5df79692dc4f9161906b29941f5
                                                              • Opcode Fuzzy Hash: 1d7198e810525cb517bb0f919bd659d93bac3fae939553c2bdd130ef7432ec78
                                                              • Instruction Fuzzy Hash: 60D13A75B50208BFEF10ABA4CC49FDEBBB5EB8A724F118114FA00A62D1C77699418F65
                                                              APIs
                                                              • SendMessageW.USER32(00000000,00000143,00000000,00000000), ref: 00F943CC
                                                              • SendMessageW.USER32(?,00000151,00000000,?), ref: 00F943FD
                                                              • SendMessageW.USER32(?,0000014E,75C08FB0,00000000), ref: 00F94483
                                                              • SendMessageW.USER32(?,0000014D,000000FF,English), ref: 00F944B0
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              • GetDlgItem.USER32(?,00000408), ref: 00F94538
                                                              • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00F94589
                                                              • GetDlgItem.USER32(?,00000407), ref: 00F94593
                                                              • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00F945F4
                                                              • GetDlgItem.USER32(?,00000409), ref: 00F945FE
                                                              • SendMessageW.USER32(75C05540,000000F1,00000001,00000000), ref: 00F9464B
                                                              • GetDlgItem.USER32(?,00000420), ref: 00F94655
                                                              • SendMessageW.USER32(77E44823,000000F1,00000000,00000000), ref: 00F9469F
                                                              • GetDlgItem.USER32(?,00000418), ref: 00F946A9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$Item$ErrorException@8LastThrow
                                                              • String ID: #Hw/$AutoClose$AutoCopy$Automatically close upload window$Automatically copy link after upload$Capture cursor$CaptureCursor$English$Keep selected area position$KeepSelection$Language$Show notification bubbles on copy and save$ShowBubbles$[[screenshot_app.options.autoclose]]$[[screenshot_app.options.autocopy]]$[[screenshot_app.options.capturecursor]]$[[screenshot_app.options.keepselection]]$[[screenshot_app.options.language]]$[[screenshot_app.options.showbubbles]]
                                                              • API String ID: 3480501339-462793013
                                                              • Opcode ID: a4457a692bb0daa4d06aedd97e104dc0ae34123cf5534f1735a6ad9cdfda8b63
                                                              • Instruction ID: ce257a77457abdfc1c6cb62d1f4a00aee28c4b6d5fb3b25a01f3cd195e867131
                                                              • Opcode Fuzzy Hash: a4457a692bb0daa4d06aedd97e104dc0ae34123cf5534f1735a6ad9cdfda8b63
                                                              • Instruction Fuzzy Hash: D602CE70A04705ABDB10EB69CC46FAEB7E5FF45720F148228F025A72E1DB75E901AB61
                                                              APIs
                                                              • GetDlgItem.USER32(00000001,00000421), ref: 00F95428
                                                              • GetDlgItem.USER32(00000001,00000424), ref: 00F95435
                                                              • SetWindowLongW.USER32(00000000,000000FC,00000000), ref: 00F95472
                                                              • SetWindowTextW.USER32(?,00FBF0F8), ref: 00F95490
                                                              • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00F954DA
                                                              • EnableWindow.USER32(?,00000000), ref: 00F954E5
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F95581
                                                              • GetDlgItem.USER32(00000001,00000425), ref: 00F955B9
                                                              • SetWindowLongW.USER32(?,000000FC,00000000), ref: 00F955FF
                                                              • SetWindowTextW.USER32(?,00FBF0F8), ref: 00F9561A
                                                              • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00F95664
                                                              • EnableWindow.USER32(?,00000000), ref: 00F95672
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F95712
                                                              • GetDlgItem.USER32(00000001,00000423), ref: 00F9573D
                                                              • GetDlgItem.USER32(00000001,00000426), ref: 00F9574A
                                                              • GetDlgItem.USER32(00000001,00000422), ref: 00F955AC
                                                                • Part of subcall function 00FA1717: GetProcessHeap.KERNEL32(00000008,00000008,?,00F92885,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA171C
                                                                • Part of subcall function 00FA1717: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA1723
                                                              • SetWindowLongW.USER32(?,000000FC,00000000), ref: 00F95790
                                                              • SetWindowTextW.USER32(?,00FBF0F8), ref: 00F957AB
                                                              • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00F957F2
                                                              • EnableWindow.USER32(?,00000000), ref: 00F95800
                                                                • Part of subcall function 00F94E10: GetKeyNameTextW.USER32(00000000,00000010,00000064), ref: 00F94F22
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F958A0
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F958F8
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F9594D
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F959A2
                                                              Strings
                                                              • Hotkey_savefull_vk, xrefs: 00F956C9
                                                              • Hotkey_main_enabled, xrefs: 00F954AC
                                                              • [[screenshot_app.options.hotkeyuploadfullscreen]], xrefs: 00F95983
                                                              • Hotkey_main_mod, xrefs: 00F95505
                                                              • #Hw/, xrefs: 00F95407
                                                              • Hotkey_uploadfull_vk, xrefs: 00F95857
                                                              • [[screenshot_app.options.hotkeysavefullscreen]], xrefs: 00F9592E
                                                              • General hotkey, xrefs: 00F958C5
                                                              • Hotkey_savefull_mod, xrefs: 00F95692
                                                              • Hotkey_uploadfull_mod, xrefs: 00F95820
                                                              • [[screenshot_app.options.hotkeygeneral]], xrefs: 00F958D9
                                                              • Hotkey_main_vk, xrefs: 00F9553C
                                                              • Instant upload fullscreen, xrefs: 00F9596F
                                                              • Hotkey_uploadfull_enabled, xrefs: 00F957C7
                                                              • Instant save fullscreen, xrefs: 00F9591A
                                                              • Hotkey_savefull_enabled, xrefs: 00F95636
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Text$Item$EnableLongMessageSend$Heap$AllocNameProcess
                                                              • String ID: #Hw/$General hotkey$Hotkey_main_enabled$Hotkey_main_mod$Hotkey_main_vk$Hotkey_savefull_enabled$Hotkey_savefull_mod$Hotkey_savefull_vk$Hotkey_uploadfull_enabled$Hotkey_uploadfull_mod$Hotkey_uploadfull_vk$Instant save fullscreen$Instant upload fullscreen$[[screenshot_app.options.hotkeygeneral]]$[[screenshot_app.options.hotkeysavefullscreen]]$[[screenshot_app.options.hotkeyuploadfullscreen]]
                                                              • API String ID: 1580617557-3870847505
                                                              APIs
                                                              • GetDlgItem.USER32(?,0000040C), ref: 00F9B42B
                                                              • GetDlgItem.USER32(?,0000040D), ref: 00F9B438
                                                              • GetDlgItem.USER32(?,0000040E), ref: 00F9B445
                                                              • GetDlgItem.USER32(?,0000040F), ref: 00F9B452
                                                              • GetDlgItem.USER32(?,00000411), ref: 00F9B45F
                                                              • GetDlgItem.USER32(?,00000410), ref: 00F9B46C
                                                              • GetDlgItem.USER32(?,00000412), ref: 00F9B479
                                                              • GetDlgItem.USER32(?,00000428), ref: 00F9B486
                                                              • GetDlgItem.USER32(?,00000429), ref: 00F9B493
                                                              • GetDlgItem.USER32(?,0000042A), ref: 00F9B4A0
                                                                • Part of subcall function 00F9B2A0: SetWindowTextW.USER32(?,?), ref: 00F9B39F
                                                              • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00F9B501
                                                              • SetWindowTextW.USER32(?,?), ref: 00F9B5D4
                                                              • SetWindowTextW.USER32(?,00000001), ref: 00F9B5DE
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F9B617
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F9B670
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F9B6C6
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F9B732
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F9B7BC
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F9B846
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F9B8BA
                                                              Strings
                                                              • [[screenshot_app.options.configure_system_proxy]], xrefs: 00F9B89B
                                                              • [[screenshot_app.options.proxyport]], xrefs: 00F9B78C
                                                              • Manual proxy configuration, xrefs: 00F9B696
                                                              • [[screenshot_app.options.current_system_proxy]], xrefs: 00F9B816
                                                              • #Hw/, xrefs: 00F9B407
                                                              • Configure, xrefs: 00F9B88A
                                                              • [[screenshot_app.options.noproxy]], xrefs: 00F9B5FB
                                                              • [[screenshot_app.options.manualproxy]], xrefs: 00F9B6A7
                                                              • [[screenshot_app.options.httpsproxy]], xrefs: 00F9B702
                                                              • ProxyType, xrefs: 00F9B4C6
                                                              • ProxyString, xrefs: 00F9B584
                                                              • Port, xrefs: 00F9B77B
                                                              • No proxy, xrefs: 00F9B5EA
                                                              • [[screenshot_app.options.systemproxy]], xrefs: 00F9B651
                                                              • HTTP(S) proxy, xrefs: 00F9B6F1
                                                              • Current system proxy, xrefs: 00F9B805
                                                              • Use system proxy settings, xrefs: 00F9B640
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ItemTextWindow$MessageSend
                                                              • String ID: #Hw/$Configure$Current system proxy$HTTP(S) proxy$Manual proxy configuration$No proxy$Port$ProxyString$ProxyType$Use system proxy settings$[[screenshot_app.options.configure_system_proxy]]$[[screenshot_app.options.current_system_proxy]]$[[screenshot_app.options.httpsproxy]]$[[screenshot_app.options.manualproxy]]$[[screenshot_app.options.noproxy]]$[[screenshot_app.options.proxyport]]$[[screenshot_app.options.systemproxy]]
                                                              • API String ID: 4055436057-4195787706
                                                              APIs
                                                              • GetDlgItem.USER32(?,00000408), ref: 00F94538
                                                              • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00F94589
                                                              • GetDlgItem.USER32(?,00000407), ref: 00F94593
                                                              • EnableWindow.USER32(?,00000000), ref: 00F945E2
                                                              • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00F945F4
                                                              • GetDlgItem.USER32(?,00000409), ref: 00F945FE
                                                              • SendMessageW.USER32(75C05540,000000F1,00000001,00000000), ref: 00F9464B
                                                              • GetDlgItem.USER32(?,00000420), ref: 00F94655
                                                              • SendMessageW.USER32(77E44823,000000F1,00000000,00000000), ref: 00F9469F
                                                              • GetDlgItem.USER32(?,00000418), ref: 00F946A9
                                                              • SendMessageW.USER32(75C08FB0,000000F1,00000000,00000000), ref: 00F946F3
                                                              • GetDlgItem.USER32(?,0000040B), ref: 00F946FD
                                                              • GetDlgItem.USER32(?,0000040A), ref: 00F9470A
                                                                • Part of subcall function 00F94320: SendMessageW.USER32(00000000,00000143,00000000,00000000), ref: 00F943CC
                                                                • Part of subcall function 00F94320: SendMessageW.USER32(?,00000151,00000000,?), ref: 00F943FD
                                                              • SetWindowTextW.USER32(FFFFFFFF,00000000), ref: 00F94755
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F947AD
                                                              • SetWindowTextW.USER32(75C05540,00000000), ref: 00F94802
                                                              • SetWindowTextW.USER32(77E44823,00000000), ref: 00F94857
                                                              • SetWindowTextW.USER32(75C08FB0,00000000), ref: 00F948AC
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F94901
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ItemMessageSendWindow$Text$Enable
                                                              • String ID: #Hw/$AutoClose$AutoCopy$Automatically close upload window$Automatically copy link after upload$Capture cursor$CaptureCursor$Keep selected area position$KeepSelection$Language$Show notification bubbles on copy and save$ShowBubbles$[[screenshot_app.options.autoclose]]$[[screenshot_app.options.autocopy]]$[[screenshot_app.options.capturecursor]]$[[screenshot_app.options.keepselection]]$[[screenshot_app.options.language]]$[[screenshot_app.options.showbubbles]]
                                                              • API String ID: 978440912-152754571
                                                              APIs
                                                                • Part of subcall function 00F900E0: GetWindowLongW.USER32(?,000000F0), ref: 00F90104
                                                                • Part of subcall function 00F900E0: GetParent.USER32 ref: 00F9011A
                                                                • Part of subcall function 00F900E0: GetWindowRect.USER32(?,?), ref: 00F90135
                                                                • Part of subcall function 00F900E0: GetWindowLongW.USER32(?,000000F0), ref: 00F9014E
                                                                • Part of subcall function 00F900E0: MonitorFromWindow.USER32(?,00000002), ref: 00F90166
                                                              • GetDlgItem.USER32(?,00000427), ref: 00F90869
                                                              • GetDC.USER32(00000000), ref: 00F90883
                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00F90898
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F908A0
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00F908A7
                                                              • MulDiv.KERNEL32(00000080,00000060,00000060), ref: 00F908BB
                                                              • MulDiv.KERNEL32(00000080,00000060,00000060), ref: 00F908C9
                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000216), ref: 00F908DE
                                                              • GetDlgItem.USER32(?,000003E9), ref: 00F908F2
                                                              • SendMessageW.USER32(00000000,00000030,?,00000001), ref: 00F90908
                                                              • GetDlgItem.USER32(?,000003EA), ref: 00F90912
                                                              • SendMessageW.USER32(00000000,00000030,?,00000001), ref: 00F90922
                                                              • SetWindowTextW.USER32(?,?), ref: 00F90988
                                                              • GetDlgItem.USER32(?,000003EB), ref: 00F90996
                                                              • SendMessageW.USER32(00000000,00000030,?,00000001), ref: 00F909AA
                                                              • SendMessageW.USER32(?,00000030,?,00000001), ref: 00F90A26
                                                              • SendMessageW.USER32(?,00000030,?,00000001), ref: 00F90A75
                                                              • GetLocalTime.KERNEL32(?), ref: 00F90A92
                                                              • SetWindowTextW.USER32(?,?), ref: 00F90B5F
                                                                • Part of subcall function 00F911A0: lstrlenW.KERNEL32(00F90BA1,?,?,00F90BA1,00000000), ref: 00F911E6
                                                              • SetWindowTextW.USER32(?,00000000), ref: 00F90BF2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$MessageSend$Item$Text$CapsDeviceLong$FromLocalMonitorParentRectReleaseTimelstrlen
                                                              • String ID: Skillbrains.$#Hw/$%company%$%company% All Rights Reserved.$About$Lightshot Terms of Service$[[screenshot_app.about]]$[[screenshot_app.copyright]]$[[screenshot_app.terms]]$`$https://app.prntscr.com/$privacy.html
                                                              • API String ID: 1374519431-1328465678
                                                              APIs
                                                              • MessageBeep.USER32(00000010), ref: 6F83DC84
                                                                • Part of subcall function 6F83BF50: IsWindow.USER32(?), ref: 6F83BFD3
                                                                • Part of subcall function 6F83BF50: RedrawWindow.USER32(?,00000000,00000000,000001A1), ref: 6F83BFEC
                                                              • GetWindowDC.USER32(00000000,6EB740BD,8007000E,8007000E,00000000), ref: 6F83D770
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F83D781
                                                                • Part of subcall function 6F83BBF0: IsRectEmpty.USER32(?), ref: 6F83BC45
                                                              • SelectObject.GDI32(00000000,?), ref: 6F83D7A4
                                                                • Part of subcall function 6F83BE90: IsWindow.USER32(?), ref: 6F83BEA6
                                                                • Part of subcall function 6F83BE90: IsWindow.USER32(?), ref: 6F83BEB6
                                                                • Part of subcall function 6F83BE90: ShowWindow.USER32(?,00000004,?,?,6EB740BD,8007000E), ref: 6F83BF09
                                                                • Part of subcall function 6F83BE90: ShowWindow.USER32(?,00000004), ref: 6F83BF13
                                                              • GetActiveWindow.USER32 ref: 6F83D825
                                                              • PrintDlgExW.COMDLG32(00000054), ref: 6F83D84F
                                                              • GetDeviceCaps.GDI32(?,0000006E), ref: 6F83D8EA
                                                              • GetDeviceCaps.GDI32(?,0000006F), ref: 6F83D8F5
                                                              • GetDeviceCaps.GDI32(?,00000070), ref: 6F83D8FC
                                                              • GetDeviceCaps.GDI32(?,00000071), ref: 6F83D907
                                                              • GlobalLock.KERNEL32(?), ref: 6F83D9CC
                                                              • GlobalUnlock.KERNEL32(?), ref: 6F83D9EB
                                                              • GetActiveWindow.USER32 ref: 6F83DAC6
                                                              • _wcsstr.LIBVCRUNTIME ref: 6F83DB11
                                                              • StartDocW.GDI32(?,00000014), ref: 6F83DB81
                                                              • StartPage.GDI32(?), ref: 6F83DB88
                                                              • StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00CC0020), ref: 6F83DBC6
                                                              • EndPage.GDI32(?), ref: 6F83DBCD
                                                              • EndDoc.GDI32(?), ref: 6F83DBD4
                                                              • DeleteDC.GDI32(?), ref: 6F83DBDB
                                                              • EndDialog.USER32(00000007,00000000), ref: 6F83DBEC
                                                              • SelectObject.GDI32(00000000,?), ref: 6F83DC41
                                                              • DeleteObject.GDI32(?), ref: 6F83DC4D
                                                              • ReleaseDC.USER32(00000000,?), ref: 6F83DC6F
                                                              • DeleteDC.GDI32(00000000), ref: 6F83DC7A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$CapsDevice$DeleteObject$ActiveGlobalPageSelectShowStart$BeepCompatibleCreateDialogEmptyLockMessagePrintRectRedrawReleaseStretchUnlock_wcsstr
                                                              • String ID: .pdf$.xps$Adobe PDF$Microsoft XPS Document Writer$PDF Document (*.pdf)$XPS Document (*.xps)
                                                              • API String ID: 3145333753-3151744898
                                                              APIs
                                                              • GetDlgItem.USER32(00000001,00000002), ref: 6CF2A4CF
                                                              • ShowWindow.USER32(00000000,00000000,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A4DA
                                                              • GetDlgItem.USER32(00000001,000003E9), ref: 6CF2A4E4
                                                              • ShowWindow.USER32(00000000,00000000,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A4E9
                                                              • GetDlgItem.USER32(00000001,000003EA), ref: 6CF2A4F3
                                                              • SetWindowTextW.USER32(00000000,?), ref: 6CF2A50C
                                                              • ShowWindow.USER32(00000000,00000005,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A515
                                                              • SendMessageW.USER32(00000000,000000B1,00000000,00000001), ref: 6CF2A528
                                                              • SendMessageW.USER32(00000000,000000B7,00000000,00000000), ref: 6CF2A534
                                                              • SetFocus.USER32(00000000,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A537
                                                              • GetDlgItem.USER32(00000001,000003EB), ref: 6CF2A54E
                                                              • ShowWindow.USER32(00000000,00000005,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A555
                                                              • GetDlgItem.USER32(00000001,000003EC), ref: 6CF2A566
                                                              • ShowWindow.USER32(00000000,00000005,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A56D
                                                              • SetWindowPos.USER32(00000001,00000000,00000000,00000000,00000000,00000000,00000013,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A585
                                                              • FlashWindow.USER32(00000001,00000001), ref: 6CF2A593
                                                              • SetFocus.USER32(00000001,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A59F
                                                              • ShowWindow.USER32(00000000,00000005,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A5A8
                                                              • ShowWindow.USER32(00000000,00000000,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A5B1
                                                              • ShowWindow.USER32(00000000,00000005,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A5C0
                                                              • ShowWindow.USER32(00000000,00000005,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A5C5
                                                              • ShowWindow.USER32(00000000,00000000,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A5CA
                                                              • ShowWindow.USER32(00000000,00000005,?,00000010,74DF3170,6CF29958,?), ref: 6CF2A5CF
                                                                • Part of subcall function 6CF296C0: GetDlgItem.USER32(?,000003EA), ref: 6CF296ED
                                                                • Part of subcall function 6CF25B80: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,?,00000000,?,80000001,00000000,0002001F), ref: 6CF25CB1
                                                                • Part of subcall function 6CF25B80: RegCloseKey.ADVAPI32(00000000), ref: 6CF25CC6
                                                                • Part of subcall function 6CF25B80: RegCloseKey.ADVAPI32(00000000,80000001,00000000,0002001F), ref: 6CF25CE0
                                                                • Part of subcall function 6CF244D0: FindWindowW.USER32(00000000,Lightshot_Tray_Wnd), ref: 6CF24511
                                                                • Part of subcall function 6CF244D0: SendMessageW.USER32(00000000,0000004A,?,00000001), ref: 6CF2461E
                                                              • PostMessageW.USER32(00000001,00000012,00000000,00000000), ref: 6CF2A6CF
                                                              Strings
                                                              • AutoClose, xrefs: 6CF2A62A
                                                              • Lightshot, xrefs: 6CF2A6AD
                                                              • Screenshot uploaded. Link copied to your clipboard., xrefs: 6CF2A681
                                                              • [[screenshot_plugin.screenshot_uploaded_link_copied]], xrefs: 6CF2A692
                                                              • AutoCopy, xrefs: 6CF2A5E8
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Show$Item$Message$Send$CloseFocus$FindFlashPostQueryTextValue
                                                              • String ID: AutoClose$AutoCopy$Lightshot$Screenshot uploaded. Link copied to your clipboard.$[[screenshot_plugin.screenshot_uploaded_link_copied]]
                                                              • API String ID: 1770884317-3881480064
                                                              • Opcode ID: ccf231f69b5cfb1546d9a1f4f8b287c02426a83c1d48364ea7e9be8f2efde156
                                                              • Instruction ID: 5ff24b94f3cf1ca74c5fab8314db146d82b04ea8241c732dcd778d104a7430b0
                                                              • Opcode Fuzzy Hash: ccf231f69b5cfb1546d9a1f4f8b287c02426a83c1d48364ea7e9be8f2efde156
                                                              • Instruction Fuzzy Hash: 2A71B470A00654BBDF11ABA8CC49FDEBFB4EF46714F148258F504A72D1C7795E048BA6
                                                              APIs
                                                              • SelectObject.GDI32(?,?), ref: 6F83AE7A
                                                                • Part of subcall function 6F832740: GetObjectW.GDI32(00000000,00000018,?), ref: 6F832791
                                                                • Part of subcall function 6F832740: GdipCreateBitmapFromHBITMAP.GDIPLUS(00000000,00000000,?), ref: 6F8327BD
                                                                • Part of subcall function 6F832740: GdipCreateImageAttributes.GDIPLUS ref: 6F8328C9
                                                                • Part of subcall function 6F832740: GdipSetImageAttributesColorMatrix.GDIPLUS(?,00000001,00000001,?,00000000,00000000), ref: 6F8328E4
                                                                • Part of subcall function 6F832740: GdipGetImagePixelFormat.GDIPLUS(00000000,?), ref: 6F8328FD
                                                                • Part of subcall function 6F832740: GdipCreateBitmapFromScan0.GDIPLUS(00000000,00000000,00000000,?,00000000,?), ref: 6F83291A
                                                              • DeleteObject.GDI32(?), ref: 6F83AEAE
                                                              • SelectObject.GDI32(?), ref: 6F83AEC1
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F83AEED
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83AEF3
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83AEFA
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83AF00
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83AF07
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83AF0C
                                                              • SetRect.USER32(00000000,00000000,?,00000000), ref: 6F83AF13
                                                              • GetObjectW.GDI32(?,00000018,?), ref: 6F83AF3D
                                                              • GdipDeleteGraphics.GDIPLUS(?,?,00000000), ref: 6F83AF71
                                                              • GdipFree.GDIPLUS(?,?,00000000), ref: 6F83AF78
                                                              • SelectObject.GDI32(?,?), ref: 6F83AF94
                                                              • DeleteObject.GDI32(?), ref: 6F83AFA0
                                                              • GetWindowDC.USER32(00000000), ref: 6F83AFB6
                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 6F83AFC1
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F83AFCC
                                                              • CreateBitmap.GDI32(00000000,00000000,00000001,00000000,00000000), ref: 6F83AFE5
                                                              • SelectObject.GDI32(?,00000000), ref: 6F83AFF8
                                                              • SetRectEmpty.USER32(000000A4), ref: 6F83B08C
                                                              • SetRectEmpty.USER32(00000000), ref: 6F83B08F
                                                              • SetRect.USER32(?,00000000,00000000,00000000,00000000), ref: 6F83B0C5
                                                              • UnionRect.USER32(00000000,?,?), ref: 6F83B126
                                                              • EqualRect.USER32(00000000,?), ref: 6F83B134
                                                              • SetRectEmpty.USER32(011CB094), ref: 6F83B14C
                                                              • SetRectEmpty.USER32(011CAFF0), ref: 6F83B14F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ObjectRect$Gdip$MetricsSystem$CreateEmptySelect$BitmapDeleteImage$AttributesFrom$CapsColorDeviceEqualFormatFreeGraphicsMatrixPixelReleaseScan0UnionWindow
                                                              • String ID: KeepSelection
                                                              • API String ID: 2136932455-3226883754
                                                              • Opcode ID: d1854b5d1fdf142fd62866fb7745fac0bda951b6ec1fa118fed9812cf71977e9
                                                              • Instruction ID: 2349d0eec244c455c77d771d4e407eddcaff071a7ed6b3b627f6047f984dfd9a
                                                              • Opcode Fuzzy Hash: d1854b5d1fdf142fd62866fb7745fac0bda951b6ec1fa118fed9812cf71977e9
                                                              • Instruction Fuzzy Hash: 12A15FB1D00218AFDF50DFA4C884BDEBBB9FF48710F0445AAE909AB281D7356914CFA0
                                                              APIs
                                                                • Part of subcall function 6F837F20: UnionRect.USER32(?,?,00000000), ref: 6F837F72
                                                                • Part of subcall function 6F837F20: UnionRect.USER32(?,?,00000000), ref: 6F837F90
                                                              • IsRectEmpty.USER32(?), ref: 6F83BC45
                                                              • GetWindowDC.USER32(00000000), ref: 6F83BC8D
                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 6F83BC94
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F83BC9F
                                                              • CreateBitmap.GDI32(6F859B32,000000FF,00000001,00000000,00000000), ref: 6F83BCB8
                                                              • GetWindowDC.USER32(00000000), ref: 6F83BCCC
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F83BCD8
                                                              • CreateCompatibleDC.GDI32(?), ref: 6F83BCE2
                                                              • SelectObject.GDI32(00000000,00000000), ref: 6F83BCE9
                                                              • SetBkColor.GDI32(00000000,00FFFFFF), ref: 6F83BD1E
                                                              • ExtTextOutW.GDI32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 6F83BD38
                                                              • SetBkColor.GDI32(00000000,00000000), ref: 6F83BD40
                                                              • BitBlt.GDI32(00000000,?,?,?,?,?,?,?,00CC0020), ref: 6F83BD6D
                                                                • Part of subcall function 6F83BB10: GetWindowDC.USER32(00000000,?,?,?,?,?,6F83BC57,?), ref: 6F83BB3C
                                                                • Part of subcall function 6F83BB10: GetDeviceCaps.GDI32(00000000,0000000C), ref: 6F83BB43
                                                                • Part of subcall function 6F83BB10: ReleaseDC.USER32(00000000,00000000), ref: 6F83BB4E
                                                                • Part of subcall function 6F83BB10: CreateBitmap.GDI32(6F83BC57,?,00000001,00000000,00000000), ref: 6F83BB6D
                                                                • Part of subcall function 6F83BB10: GetWindowDC.USER32(00000000,?,?,6F83BC57,?), ref: 6F83BB7A
                                                                • Part of subcall function 6F83BB10: CreateCompatibleDC.GDI32(00000000), ref: 6F83BB80
                                                                • Part of subcall function 6F83BB10: SelectObject.GDI32(00000000,?), ref: 6F83BB91
                                                                • Part of subcall function 6F83BB10: BitBlt.GDI32(00000000,00000000,00000000,?,00000000,?,6F83BC57,?,00CC0020), ref: 6F83BBB6
                                                                • Part of subcall function 6F83BB10: SelectObject.GDI32(00000000,00000000), ref: 6F83BBBE
                                                                • Part of subcall function 6F83BB10: DeleteDC.GDI32(00000000), ref: 6F83BBC5
                                                                • Part of subcall function 6F83BB10: ReleaseDC.USER32(00000000,?), ref: 6F83BBD0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Create$Window$CompatibleObjectRectReleaseSelect$BitmapCapsColorDeviceUnion$DeleteEmptyText
                                                              • String ID:
                                                              • API String ID: 39245485-0
                                                              • Opcode ID: 0c19b2f443dbec622a804adeba95796325c521d8bb561b8e5b40d21c2ca394ea
                                                              • Instruction ID: adb68cd0fbc79ea02329c66373363b3dbe1fd78c7fa8878b7fb4473b3eb892e4
                                                              • Opcode Fuzzy Hash: 0c19b2f443dbec622a804adeba95796325c521d8bb561b8e5b40d21c2ca394ea
                                                              • Instruction Fuzzy Hash: 21810371E00618AFDF50DFE8C888F9EBBF9FB49720F104159E615AB280DB74A915CB90
                                                              APIs
                                                              • new.LIBCMT ref: 6F83ECEF
                                                                • Part of subcall function 6F835490: new.LIBCMT ref: 6F8354AD
                                                                • Part of subcall function 6F835490: GetParent.USER32(?), ref: 6F8354ED
                                                              • SetWindowLongW.USER32(?,000000F0,80000000), ref: 6F83ED39
                                                              • SetWindowLongW.USER32(?,000000EC,00000008), ref: 6F83ED42
                                                              • GetSystemMetrics.USER32 ref: 6F83ED68
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83ED6E
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83ED75
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83ED7B
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83ED82
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83ED87
                                                              • SetRect.USER32(00000000,00000000), ref: 6F83ED8E
                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000040), ref: 6F83EDCD
                                                              • ShowWindow.USER32(?,00000005), ref: 6F83EDD4
                                                              • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000043), ref: 6F83EDE9
                                                              • SetForegroundWindow.USER32(?), ref: 6F83EDEE
                                                              • SetFocus.USER32(?), ref: 6F83EDF7
                                                              • UpdateWindow.USER32(?), ref: 6F83EE00
                                                              • SetLastError.KERNEL32(0000000E), ref: 6F83EE2F
                                                              • SetLastError.KERNEL32(0000000E), ref: 6F83EE84
                                                                • Part of subcall function 6F835670: GetCursorPos.USER32(?), ref: 6F83568B
                                                                • Part of subcall function 6F835670: ScreenToClient.USER32(00000000,00000000), ref: 6F835698
                                                                • Part of subcall function 6F835670: ClientToScreen.USER32(00000000,?), ref: 6F8356B1
                                                                • Part of subcall function 6F835670: SendMessageW.USER32(00000000,00000412,00000000), ref: 6F8356D4
                                                                • Part of subcall function 6F835670: SendMessageW.USER32(00000000,00000411,00000001), ref: 6F8356E6
                                                                • Part of subcall function 6F835670: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 6F8356FB
                                                                • Part of subcall function 6F835CF0: GetCurrentThreadId.KERNEL32 ref: 6F835D05
                                                                • Part of subcall function 6F835CF0: EnterCriticalSection.KERNEL32(6F86A5A4,?,?,6F836DA8,00000008,00000000,?,00000000,00000000,00000002,?,?,6F836986,00000002,00000000,00000000), ref: 6F835D13
                                                                • Part of subcall function 6F835CF0: LeaveCriticalSection.KERNEL32(6F86A5A4,?,?,6F836DA8,00000008,00000000,?,00000000,00000000,00000002,?,?,6F836986,00000002,00000000,00000000), ref: 6F835D2C
                                                              • CreateDialogParamW.USER32(00000072,?,Function_0000A000,00000000,?), ref: 6F83EE5B
                                                                • Part of subcall function 6F835CF0: RaiseException.KERNEL32(C0000005,00000001,00000000,00000000,00000000,?,?,6F836DA8,00000008,00000000,?,00000000,00000000,00000002,?), ref: 6F835D43
                                                              • CreateDialogParamW.USER32(00000096,?,Function_0000A000,00000000,?), ref: 6F83EEB3
                                                              • CreateDialogParamW.USER32(00000097,?,Function_0000A000,00000000,?), ref: 6F83EF0B
                                                                • Part of subcall function 6F847F72: GetProcessHeap.KERNEL32(00000008,00000008,00000000,6F842CEC,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F77
                                                                • Part of subcall function 6F847F72: HeapAlloc.KERNEL32(00000000,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F7E
                                                              • SetLastError.KERNEL32(0000000E), ref: 6F83EEDC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$MetricsSystem$CreateDialogErrorLastParam$ClientCriticalHeapLongMessageScreenSectionSend$AllocCurrentCursorEnterExceptionFocusForegroundLeaveParentProcessRaiseRectShowThreadUpdate
                                                              • String ID: KeepSelection
                                                              • API String ID: 1307494262-3226883754
                                                              • Opcode ID: 2de34f941b842f33a15e88d4b707bd288cdd059794a270bce562b55a0c1a7b17
                                                              • Instruction ID: aa95053744517d9f82ba325b7a963edc37dc626ab5ae6587d1289308e3fd3e02
                                                              • Opcode Fuzzy Hash: 2de34f941b842f33a15e88d4b707bd288cdd059794a270bce562b55a0c1a7b17
                                                              • Instruction Fuzzy Hash: C781CE72900718EBEF109FA4CD45F9A7BB4EF04714F1049A5F908AE2E0DBB5A914CBA4
                                                              APIs
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F8410E4
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F8410EA
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F8410F1
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F8410F7
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F8410FE
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F841103
                                                              • SetRect.USER32(00000000,00000000,?,00000000), ref: 6F84110A
                                                              • GetObjectW.GDI32(6F86A4C8,00000018,00000000), ref: 6F841130
                                                              • GetWindowDC.USER32(00000000,?,00000000), ref: 6F841175
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F841186
                                                              • SelectObject.GDI32(00000000,6F86A4C8), ref: 6F841194
                                                              • GetStockObject.GDI32(00000000), ref: 6F8411C2
                                                              • FillRect.USER32(00000000,00000000,00000000), ref: 6F8411CE
                                                              • SetLastError.KERNEL32(00000000,?,00000000), ref: 6F8411D6
                                                              • BitBlt.GDI32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,40CC0020), ref: 6F8411FD
                                                                • Part of subcall function 6F841AA0: EqualRgn.GDI32(00000000,00000000), ref: 6F841B5B
                                                                • Part of subcall function 6F841AA0: DeleteObject.GDI32(00000000), ref: 6F841B6D
                                                                • Part of subcall function 6F841AA0: DeleteObject.GDI32(00000000), ref: 6F841B78
                                                              • GetCursorInfo.USER32(?,6F85FC68), ref: 6F8412D7
                                                              • GetIconInfo.USER32(00000000,?), ref: 6F8412EE
                                                              • DrawIcon.USER32(00000000,?,?,00000000), ref: 6F84130A
                                                              • SelectObject.GDI32(00000000,00000000), ref: 6F841312
                                                              • DeleteDC.GDI32(00000000), ref: 6F84131D
                                                              • ReleaseDC.USER32(00000000,?), ref: 6F841328
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsObjectSystem$Delete$IconInfoRectSelect$CompatibleCreateCursorDrawEqualErrorFillLastReleaseStockWindow
                                                              • String ID: CaptureCursor
                                                              • API String ID: 4058176796-1134186943
                                                              • Opcode ID: 9108305cdd8e8222da868c202e49deef6ccfc52ac39b73005b34e24fca63afcc
                                                              • Instruction ID: 68a91af2ea1a39c2ff2d831a6e93d3413552ca9ac612fc220585fc46bfbd9372
                                                              • Opcode Fuzzy Hash: 9108305cdd8e8222da868c202e49deef6ccfc52ac39b73005b34e24fca63afcc
                                                              • Instruction Fuzzy Hash: 44912A71E00618AFDF41DFA8C948BAEBBB4FF09314F104599E905EB280D7799915CBA1
                                                              APIs
                                                              • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00F95A3F
                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F95A82
                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F95ABF
                                                              • MessageBoxW.USER32(?,?,?,00000000), ref: 00F95B6B
                                                              • MessageBoxW.USER32(?,00000000,00000000,00000000), ref: 00F95C89
                                                              Strings
                                                              • Hotkey_savefull_vk, xrefs: 00F95D7E
                                                              • Hotkey_main_enabled, xrefs: 00F95E28
                                                              • Hotkey_main_mod, xrefs: 00F95CD9
                                                              • #Hw/, xrefs: 00F959F7
                                                              • Hotkey_uploadfull_vk, xrefs: 00F95DEE
                                                              • One of your hotkeys is invalid. If you want to disable that hotkey, please uncheck corresponding checkbox., xrefs: 00F95B38
                                                              • Hotkey_savefull_mod, xrefs: 00F95D49
                                                              • Hotkey_uploadfull_mod, xrefs: 00F95DB9
                                                              • Hotkey_main_vk, xrefs: 00F95D0E
                                                              • Hotkey_uploadfull_enabled, xrefs: 00F95E98
                                                              • Error, xrefs: 00F95AFD, 00F95C1B
                                                              • [[screenshot_plugin.error_capt]], xrefs: 00F95B11, 00F95C2F
                                                              • [[screenshot_app.options.error_hotkeyequal]], xrefs: 00F95C67
                                                              • You can not set the same hotkeys for different functions. Please change one of the hotkeys., xrefs: 00F95C56
                                                              • [[screenshot_app.options.error_hotkeyinvalid]], xrefs: 00F95B49
                                                              • Hotkey_savefull_enabled, xrefs: 00F95E60
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Message$Send
                                                              • String ID: #Hw/$Error$Hotkey_main_enabled$Hotkey_main_mod$Hotkey_main_vk$Hotkey_savefull_enabled$Hotkey_savefull_mod$Hotkey_savefull_vk$Hotkey_uploadfull_enabled$Hotkey_uploadfull_mod$Hotkey_uploadfull_vk$One of your hotkeys is invalid. If you want to disable that hotkey, please uncheck corresponding checkbox.$You can not set the same hotkeys for different functions. Please change one of the hotkeys.$[[screenshot_app.options.error_hotkeyequal]]$[[screenshot_app.options.error_hotkeyinvalid]]$[[screenshot_plugin.error_capt]]
                                                              • API String ID: 954663948-1687218264
                                                              • Opcode ID: 1539dbd072d51e6aa2ea860da7994e49356d7f1673ff62f783c8b515a9bf0e47
                                                              • Instruction ID: 83e0340d2b704cd89b2345442de2d249847f5ff476b1e02ff889f3abe0d3a47d
                                                              • Opcode Fuzzy Hash: 1539dbd072d51e6aa2ea860da7994e49356d7f1673ff62f783c8b515a9bf0e47
                                                              • Instruction Fuzzy Hash: EDD1D771E04349ABDF15EBA8CC42BDDBBF0AF49720F284258F425772C1D7749904ABA6
                                                              APIs
                                                              • SetWindowLongW.USER32(?,000000F0,42000000), ref: 6F843D54
                                                              • GetDlgItem.USER32(?,00000404), ref: 6F843D77
                                                              • SetWindowLongW.USER32(00000000,000000FC,00000000), ref: 6F843DBA
                                                              • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 6F843E2D
                                                              • GetDlgItem.USER32(?,00000402), ref: 6F843E44
                                                              • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 6F843F0A
                                                              • GetDlgItem.USER32(?,00000405), ref: 6F843F21
                                                              • SetWindowLongW.USER32(?,000000FC,00000000), ref: 6F843F67
                                                              • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 6F843FD9
                                                              • GetDlgItem.USER32(?,00000406), ref: 6F843FF0
                                                              • SetWindowLongW.USER32(00000000,000000FC,00000000), ref: 6F843E90
                                                                • Part of subcall function 6F847F72: GetProcessHeap.KERNEL32(00000008,00000008,00000000,6F842CEC,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F77
                                                                • Part of subcall function 6F847F72: HeapAlloc.KERNEL32(00000000,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F7E
                                                              • SetWindowLongW.USER32(?,000000FC,00000000), ref: 6F844036
                                                              • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 6F8440A7
                                                                • Part of subcall function 6F847F72: GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847FC3
                                                                • Part of subcall function 6F847F72: HeapFree.KERNEL32(00000000,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847FCA
                                                              Strings
                                                              • [[screenshot_plugin.share_facebook]], xrefs: 6F843ECE
                                                              • Share on Pinterest, xrefs: 6F844058
                                                              • [[screenshot_plugin.share_vk]], xrefs: 6F843F9D
                                                              • Share on Facebook, xrefs: 6F843EBA
                                                              • Share on VK, xrefs: 6F843F89
                                                              • Share on Twitter, xrefs: 6F843DDD
                                                              • [[screenshot_plugin.share_pinterest]], xrefs: 6F84406C
                                                              • [[screenshot_plugin.share_twitter]], xrefs: 6F843DF1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Long$HeapItemMove$Process$AllocFree
                                                              • String ID: Share on Facebook$Share on Pinterest$Share on Twitter$Share on VK$[[screenshot_plugin.share_facebook]]$[[screenshot_plugin.share_pinterest]]$[[screenshot_plugin.share_twitter]]$[[screenshot_plugin.share_vk]]
                                                              • API String ID: 4236667014-3040561173
                                                              • Opcode ID: 7e07f8ad3eca03ba813738aa0cc0a2912aaa86fad0e91705e97a06c088283c43
                                                              • Instruction ID: 9163942bd32a3ce60448c1c9e049618ddac96b2833c01813e9a18196394e243c
                                                              • Opcode Fuzzy Hash: 7e07f8ad3eca03ba813738aa0cc0a2912aaa86fad0e91705e97a06c088283c43
                                                              • Instruction Fuzzy Hash: B9C14E70600B06BFDB14CF68C945A6ABBF5FF09714F104A69E4599BA90DB31F920CBE1
                                                              APIs
                                                              • QueryPerformanceCounter.KERNEL32(?,?,75296CE0), ref: 6F83B2DF
                                                              • GetDC.USER32(00000000), ref: 6F83B2EE
                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 6F83B303
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 6F83B30B
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F83B310
                                                              • MulDiv.KERNEL32(00000005,00000060,00000060), ref: 6F83B324
                                                              • MulDiv.KERNEL32(00000002,00000060,00000060), ref: 6F83B32E
                                                              • MulDiv.KERNEL32(00000004,00000060,00000060), ref: 6F83B338
                                                              • GdipSetSmoothingMode.GDIPLUS(?,00000002,?), ref: 6F83B365
                                                              • GdipMeasureString.GDIPLUS(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6F83B3F1
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F83B499
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83B49F
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83B4A6
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83B4AC
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83B4B3
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83B4B8
                                                              • SetRect.USER32(00000000,00000000), ref: 6F83B4BF
                                                              • GdipDrawString.GDIPLUS(?,?,?,00000000,?,00000000,00000000), ref: 6F83B5AD
                                                              • SetRect.USER32(?,00000000,00000000,00000000,00000000), ref: 6F83B5F1
                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 6F83B5FE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$Gdip$CapsCounterDevicePerformanceQueryRectString$DrawMeasureModeReleaseSmoothing
                                                              • String ID: `
                                                              • API String ID: 986513345-2679148245
                                                              • Opcode ID: 9b44945ff8ca6b95ee5f5b003a158db16dbb7eab996ba9d2389f4988eda08a54
                                                              • Instruction ID: b50c43df15aed6f228408a2d20b006e4e30107bb1539fb1e19d5d42a862ac5ba
                                                              • Opcode Fuzzy Hash: 9b44945ff8ca6b95ee5f5b003a158db16dbb7eab996ba9d2389f4988eda08a54
                                                              • Instruction Fuzzy Hash: 15C112B1E01619EFDB008FA5C889BEEBBB4FF49310F158599E905BB294D7355860CF90
                                                              APIs
                                                              • CoTaskMemAlloc.OLE32(00000000,6EB740BD,00000000,00000000), ref: 6F846319
                                                              • _wcsstr.LIBVCRUNTIME ref: 6F846386
                                                              • CharNextW.USER32(?,00000000), ref: 6F846399
                                                              • CharNextW.USER32(00000000,?,00000000), ref: 6F84639E
                                                              • CharNextW.USER32(00000000,?,00000000), ref: 6F8463A3
                                                              • CharNextW.USER32(00000000,?,00000000), ref: 6F8463A8
                                                              • CharNextW.USER32(?,?,00000000,00000001,6EB740BD,00000000,00000000), ref: 6F8463EC
                                                              • CharNextW.USER32(?,?,00000000,00000001,6EB740BD,00000000,00000000), ref: 6F846401
                                                              • CharNextW.USER32(00000000,}},00000009,?,00000000,00000001,6EB740BD,00000000,00000000), ref: 6F846477
                                                              • CharNextW.USER32(00000000,?,00000000,00000001,6EB740BD,00000000,00000000), ref: 6F84649E
                                                              • CoTaskMemFree.OLE32(?,?,00000000,00000001,6EB740BD,00000000,00000000), ref: 6F8464B2
                                                              • CharNextW.USER32(?,00000000,00000000,?,00000001,6EB740BD), ref: 6F846538
                                                              • CharNextW.USER32(?,00000000,00000001,6EB740BD,00000000,00000000), ref: 6F846553
                                                              • CoTaskMemFree.OLE32(?,?,00000000,00000001,6EB740BD,00000000,00000000), ref: 6F846570
                                                              • CoTaskMemFree.OLE32(00000000,6EB740BD,00000000,00000000), ref: 6F84658E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CharNext$Task$Free$Alloc_wcsstr
                                                              • String ID: }}$HKCR$HKCU{Software{Classes
                                                              • API String ID: 1632296858-1142484189
                                                              • Opcode ID: 8e5a7d957b49e770d5ce585c1885614a3a7c0afd3879110be685c2b490b26da2
                                                              • Instruction ID: 5bcb9965b7c70bad85e542ddd022ce9e40a4b3c73885b9f7c67dd30739a41d7d
                                                              • Opcode Fuzzy Hash: 8e5a7d957b49e770d5ce585c1885614a3a7c0afd3879110be685c2b490b26da2
                                                              • Instruction Fuzzy Hash: 9BA1CF7490435E9BDF058FA8C8547EEFBB4AF06714F1048E9E854AF288EB74E954CB90
                                                              APIs
                                                              • CoTaskMemAlloc.OLE32(00000000,77E44823,00000000,00000000), ref: 00F992D9
                                                              • CharNextW.USER32(?,00000000), ref: 00F99359
                                                              • CharNextW.USER32(00000000,?,00000000), ref: 00F9935E
                                                              • CharNextW.USER32(00000000,?,00000000), ref: 00F99363
                                                              • CharNextW.USER32(00000000,?,00000000), ref: 00F99368
                                                              • CharNextW.USER32(?,?,00000000,00000001,77E44823,00000000,00000000), ref: 00F993AC
                                                              • CharNextW.USER32(?,?,00000000,00000001,77E44823,00000000,00000000), ref: 00F993C1
                                                              • CharNextW.USER32(00000000,}},00000009,?,00000000,00000001,77E44823,00000000,00000000), ref: 00F99437
                                                              • CharNextW.USER32(00000000,?,00000000,00000001,77E44823,00000000,00000000), ref: 00F9945E
                                                              • CoTaskMemFree.OLE32(?,?,00000000,00000001,77E44823,00000000,00000000), ref: 00F99472
                                                              • CharNextW.USER32(?,00000000,00000000,?,00000001,77E44823), ref: 00F994F8
                                                              • CharNextW.USER32(?,00000000,00000001,77E44823,00000000,00000000), ref: 00F99513
                                                              • CoTaskMemFree.OLE32(?,?,00000000,00000001,77E44823,00000000,00000000), ref: 00F99530
                                                              • CoTaskMemFree.OLE32(00000000,77E44823,00000000,00000000), ref: 00F9954E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CharNext$Task$Free$Alloc
                                                              • String ID: }}$#Hw/$HKCR$HKCU{Software{Classes
                                                              • API String ID: 3193825320-3102257526
                                                              • Opcode ID: 2debbfa4251dd2800c97aa923d2abc0c5c7d3fa8f98115c0c4ba70e389aea45a
                                                              • Instruction ID: d50bb4fc4e8b6ae36468d837622e15bedbb399138d28e13e18e63609be70885e
                                                              • Opcode Fuzzy Hash: 2debbfa4251dd2800c97aa923d2abc0c5c7d3fa8f98115c0c4ba70e389aea45a
                                                              • Instruction Fuzzy Hash: 60A1E474D083499BEF22DFACC844BAEBBF8AF15710F1A401CE845AB284DBB58D05E750
                                                              APIs
                                                              • GetClassNameW.USER32(00000000,?,00000008), ref: 00F92105
                                                              • lstrcmpiW.KERNEL32(?,static), ref: 00F92118
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 00F9212D
                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00F92141
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 00F9214C
                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 00F9218E
                                                              • SystemParametersInfoW.USER32(0000001F,0000005C,?,00000000), ref: 00F921C3
                                                              • CreateFontIndirectW.GDI32(?), ref: 00F921D0
                                                              • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,00000000,80000000,80000000,00000000,00000000,00000000,00000000,00000000), ref: 00F92220
                                                              • GetWindowTextLengthW.USER32(00000000), ref: 00F92232
                                                              • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00F9229B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Long$CreateText$ClassCursorFontIndirectInfoLengthLoadNameParametersSystemlstrcmpi
                                                              • String ID: #Hw/$Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings$static$tooltips_class32
                                                              • API String ID: 1715782676-1761152471
                                                              • Opcode ID: 1f8cb2b7f4b6db8b4ea93301032680ba8d0e35a1d99e69dd09cbffe51671203c
                                                              • Instruction ID: 0b6c5f600c718c53b4dc00a9c11b2f57669207a9ef01e6bb0d97ae44e9aafa74
                                                              • Opcode Fuzzy Hash: 1f8cb2b7f4b6db8b4ea93301032680ba8d0e35a1d99e69dd09cbffe51671203c
                                                              • Instruction Fuzzy Hash: 8D919F70A0020ABFEF64DF64DD85FA9B7B8FF04310F14422AE615E2690DB74A954EF52
                                                              APIs
                                                              • CoTaskMemAlloc.OLE32(00000000,C3D2D3B7,00000000,00000000), ref: 6CF2C709
                                                              • CharNextW.USER32(?,00000000), ref: 6CF2C789
                                                              • CharNextW.USER32(00000000,?,00000000), ref: 6CF2C78E
                                                              • CharNextW.USER32(00000000,?,00000000), ref: 6CF2C793
                                                              • CharNextW.USER32(00000000,?,00000000), ref: 6CF2C798
                                                              • CharNextW.USER32(?,?,00000000,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2C7DC
                                                              • CharNextW.USER32(?,?,00000000,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2C7F1
                                                              • CharNextW.USER32(00000000,}},00000009,?,00000000,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2C867
                                                              • CharNextW.USER32(00000000,?,00000000,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2C88E
                                                              • CoTaskMemFree.OLE32(?,?,00000000,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2C8A2
                                                              • CharNextW.USER32(?,00000000,00000000,?,00000001,C3D2D3B7), ref: 6CF2C928
                                                              • CharNextW.USER32(?,00000000,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2C943
                                                              • CoTaskMemFree.OLE32(?,?,00000000,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2C960
                                                              • CoTaskMemFree.OLE32(00000000,C3D2D3B7,00000000,00000000), ref: 6CF2C97E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CharNext$Task$Free$Alloc
                                                              • String ID: }}$HKCR$HKCU{Software{Classes
                                                              • API String ID: 3193825320-1142484189
                                                              • Opcode ID: 07dee46c97b3e61b987505ca36c3d4ce772f44064e2ba5c616d3817889d476a1
                                                              • Instruction ID: 01d8eeb7477b545702508f77b7ded349a09896a0095fdd6b4225f73f21b1a28a
                                                              • Opcode Fuzzy Hash: 07dee46c97b3e61b987505ca36c3d4ce772f44064e2ba5c616d3817889d476a1
                                                              • Instruction Fuzzy Hash: 5BA1B1759043599BFF01ABE8C8447EEBBB4EF15708F208528E846AB784DB79C945C790
                                                              APIs
                                                              • IsWindow.USER32(?), ref: 6F83C5B5
                                                              • IsWindow.USER32(?), ref: 6F83C5C7
                                                              • ShowWindow.USER32(?,00000000,?,?), ref: 6F83C5D5
                                                              • ShowWindow.USER32(?,00000000,?,?), ref: 6F83C5DF
                                                              • ShowWindow.USER32(?,00000000,?,?), ref: 6F83C5E9
                                                              • GetSystemMetrics.USER32 ref: 6F83C613
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83C619
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83C620
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83C626
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83C62D
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83C632
                                                              • SetRect.USER32(?,00000000), ref: 6F83C63A
                                                              • ScreenToClient.USER32(?,0000004F), ref: 6F83C64E
                                                              • ScreenToClient.USER32(?,?), ref: 6F83C65C
                                                              • InvalidateRect.USER32(?,00000000,00000000), ref: 6F83C68D
                                                              • UpdateWindow.USER32(?), ref: 6F83C696
                                                              • IsWindow.USER32(?), ref: 6F83C6A8
                                                              • IsWindow.USER32(?), ref: 6F83C6B4
                                                              • ShowWindow.USER32(?,00000004,?,?), ref: 6F83C6FD
                                                              • ShowWindow.USER32(?,00000004), ref: 6F83C707
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$MetricsSystem$Show$ClientRectScreen$InvalidateUpdate
                                                              • String ID:
                                                              • API String ID: 541283412-0
                                                              APIs
                                                              • IsWindow.USER32(00000000), ref: 00F915AC
                                                              • GetDC.USER32(00000000), ref: 00F915DE
                                                              • GetClientRect.USER32(00000000,00000000), ref: 00F91604
                                                              • SelectObject.GDI32(00000000,00000000), ref: 00F91699
                                                              • DrawTextW.USER32(00000000,00000000,00000000,?,00000010), ref: 00F916F7
                                                              • SelectObject.GDI32(00000000,?), ref: 00F91707
                                                              Similarity
                                                              • API ID: ObjectSelect$ClientDrawRectTextWindow
                                                              • String ID: #Hw/
                                                              • API String ID: 452443381-1770964375
                                                              APIs
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00F90104
                                                              • GetParent.USER32 ref: 00F9011A
                                                              • GetWindow.USER32(?,00000004), ref: 00F90126
                                                              • GetWindowRect.USER32(?,?), ref: 00F90135
                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00F9014E
                                                              • MonitorFromWindow.USER32(?,00000002), ref: 00F90166
                                                              • GetMonitorInfoW.USER32(00000000,?), ref: 00F90199
                                                              • GetWindowRect.USER32(?,?), ref: 00F901EF
                                                              • SetWindowPos.USER32(00000000,00000000,?,?,000000FF,000000FF,00000015,?,?,?,?,000000F0,00000000,-000000E0,00000000), ref: 00F902D8
                                                              Similarity
                                                              • API ID: Window$LongMonitorRect$FromInfoParent
                                                              • String ID: #Hw/$(
                                                              • API String ID: 1468510684-1351227599
                                                              APIs
                                                              • IsRectEmpty.USER32(?), ref: 6F83F4C9
                                                              • InflateRect.USER32(?,00000064,00000064), ref: 6F83F4DC
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83F4EC
                                                              • IsWindow.USER32(?), ref: 6F83F4FE
                                                              • IsWindow.USER32(?), ref: 6F83F50E
                                                              • ShowWindow.USER32(?,00000004,?,?,?,?,?), ref: 6F83F55B
                                                              • ShowWindow.USER32(?,00000004,?,?,?), ref: 6F83F565
                                                              • IsRectEmpty.USER32(?), ref: 6F83F58D
                                                              • IsRectEmpty.USER32(?), ref: 6F83F5D5
                                                              • IsWindow.USER32(?), ref: 6F83F5EB
                                                              • IsWindow.USER32(?), ref: 6F83F5F7
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83F60B
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83F615
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83F61F
                                                              • UpdateWindow.USER32(?), ref: 6F83F662
                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 6F83F688
                                                              • SetCursor.USER32(00000000), ref: 6F83F68F
                                                                • Part of subcall function 6F837E90: UnionRect.USER32(?,?,00000000), ref: 6F837EF8
                                                              Similarity
                                                              • API ID: Window$Rect$Show$Empty$Cursor$InflateInvalidateLoadUnionUpdate
                                                              • String ID:
                                                              • API String ID: 3338713126-0
                                                              APIs
                                                              • GetWindowRect.USER32(00000002,?), ref: 6F840BEC
                                                              • SetRect.USER32(00000000,00000000,00000000,00000000,00000000), ref: 6F840C2D
                                                              • OffsetRect.USER32(00000000,00000003,00000000), ref: 6F840C3B
                                                                • Part of subcall function 6F844200: MoveWindow.USER32(00000000,?,6F840C4A,00000000,8007000E,00000001,8007000E,00000000,?,?,6F840C4A,00000000), ref: 6F844246
                                                                • Part of subcall function 6F844200: MoveWindow.USER32(00000000,00000000,00000000,00000000,8007000E,00000001,?,6F840C4A,00000000,8007000E,00000001,8007000E,00000000,?,?,6F840C4A), ref: 6F84426E
                                                                • Part of subcall function 6F844200: MoveWindow.USER32(?,00000000,00000000,00000000,8007000E,00000001,?,6F840C4A,00000000,8007000E,00000001,8007000E,00000000,?,?,6F840C4A), ref: 6F844296
                                                                • Part of subcall function 6F844200: MoveWindow.USER32(?,00000000,00000000,00000000,8007000E,00000001,?,6F840C4A,00000000,8007000E,00000001,8007000E,00000000,?,?,6F840C4A), ref: 6F8442BD
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F840C6E
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F840C74
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F840C7B
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F840C81
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F840C88
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F840C8D
                                                              • SetRect.USER32(00000000,00000000), ref: 6F840C9A
                                                              • IntersectRect.USER32(00000000,00000000,00000000), ref: 6F840CC4
                                                                • Part of subcall function 6F840A40: EnumDisplayMonitors.USER32(00000000,00000000,6F840980,?,00000000,75BF4000), ref: 6F840A6A
                                                                • Part of subcall function 6F840A40: CreateRectRgnIndirect.GDI32(00000000), ref: 6F840A74
                                                                • Part of subcall function 6F840A40: CreateRectRgnIndirect.GDI32(00000000), ref: 6F840A91
                                                                • Part of subcall function 6F840A40: CombineRgn.GDI32(?,?,00000000,00000002), ref: 6F840AA1
                                                                • Part of subcall function 6F840A40: DeleteObject.GDI32(00000000), ref: 6F840AAC
                                                              • RectInRegion.GDI32(00000000,00000000), ref: 6F840CD6
                                                              • EqualRect.USER32(00000000,00000000), ref: 6F840CE8
                                                              • SetRect.USER32(00000000,00000000,?,?,00000000), ref: 6F840D08
                                                              • OffsetRect.USER32(00000000,00000003,00000000), ref: 6F840D12
                                                              • MoveWindow.USER32(00000002,00000000,00000000,00000000,00000000,00000001,00000001), ref: 6F840D3A
                                                              • DeleteObject.GDI32(00000000), ref: 6F840D45
                                                              Similarity
                                                              • API ID: Rect$MetricsSystemWindow$Move$CreateDeleteIndirectObjectOffset$CombineDisplayEnumEqualIntersectMonitorsRegion
                                                              • String ID:
                                                              • API String ID: 3282275029-0
                                                              APIs
                                                              • GetMonitorInfoW.USER32(00000000,00000028), ref: 6F84193E
                                                              • GetWindowDC.USER32(00000000), ref: 6F841955
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F841966
                                                              • SelectObject.GDI32(00000000,?), ref: 6F84197B
                                                              • BitBlt.GDI32(?,?,000000FF,00000000,00000000,00000000,00000000,00000000,40CC0020), ref: 6F8419A8
                                                              • SelectObject.GDI32(00000000,00000000), ref: 6F8419B3
                                                              • CopyRect.USER32(?,?), ref: 6F8419CB
                                                              • DeleteDC.GDI32(00000000), ref: 6F841A28
                                                              • ReleaseDC.USER32(00000000), ref: 6F841A3A
                                                              • DeleteObject.GDI32(?), ref: 6F841A45
                                                              • DeleteDC.GDI32(00000000), ref: 6F841A7F
                                                              • ReleaseDC.USER32(00000000,?), ref: 6F841A8A
                                                              • DeleteObject.GDI32(?), ref: 6F841A91
                                                                • Part of subcall function 6F8416B0: GetDesktopWindow.USER32 ref: 6F84177F
                                                                • Part of subcall function 6F8416B0: SetLastError.KERNEL32(00000000), ref: 6F841791
                                                                • Part of subcall function 6F8416B0: GetDesktopWindow.USER32 ref: 6F8417A6
                                                              Similarity
                                                              • API ID: DeleteObject$Window$DesktopReleaseSelect$CompatibleCopyCreateErrorInfoLastMonitorRect
                                                              • String ID: (
                                                              • API String ID: 16116374-3887548279
                                                              APIs
                                                              • SelectObject.GDI32(?,?), ref: 6F83AB49
                                                              • DeleteObject.GDI32(?), ref: 6F83AB5B
                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,6F859A70,000000FF,?,6F83AAEB), ref: 6F83AB76
                                                              • DeleteObject.GDI32(?), ref: 6F83ABDF
                                                              • GdipDeletePen.GDIPLUS(?,?,?,?,?,6F859A70,000000FF,?,6F83AAEB), ref: 6F83ABF5
                                                              • GdipDeleteBrush.GDIPLUS(?), ref: 6F83AC62
                                                              • GdipDeleteStringFormat.GDIPLUS(?), ref: 6F83AC6A
                                                              • GdipDeleteFont.GDIPLUS(?), ref: 6F83AC76
                                                              • GdipDeleteBrush.GDIPLUS(?), ref: 6F83AC8C
                                                              • DeleteObject.GDI32(?), ref: 6F83AC99
                                                              • DeleteObject.GDI32(?), ref: 6F83ACB4
                                                              • DeleteObject.GDI32(?), ref: 6F83ACCF
                                                              • DeleteObject.GDI32(?), ref: 6F83AD22
                                                              • GdipDeleteGraphics.GDIPLUS(?), ref: 6F83AD3E
                                                              • GdipFree.GDIPLUS(?), ref: 6F83AD45
                                                              • DeleteDC.GDI32(?), ref: 6F83AD6A
                                                              Similarity
                                                              • API ID: Delete$GdipObject$BrushFree$FontFormatGraphicsLibrarySelectString
                                                              • String ID:
                                                              • API String ID: 2123323031-0
                                                              APIs
                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?), ref: 6F83B789
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F83B7B3
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83B7B9
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83B7C0
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83B7C6
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83B7CD
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83B7D2
                                                              • SetRect.USER32(00000000,00000000,?,?,?), ref: 6F83B7D9
                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?), ref: 6F83B7E3
                                                              • BitBlt.GDI32(?,00000000,00000000,00000000,?,?,00000000,00000000,00CC0020), ref: 6F83B85D
                                                              • BitBlt.GDI32(?,00000000,?,?,00000000,?,00000000,?,00CC0020), ref: 6F83B882
                                                              • BitBlt.GDI32(?,?,?,00000000,00000000,?,?,?,00CC0020), ref: 6F83B8B1
                                                              • BitBlt.GDI32(?,?,?,00000000,?,?,?,?,00CC0020), ref: 6F83B8DA
                                                              • QueryPerformanceCounter.KERNEL32(00000000), ref: 6F83B8E7
                                                              • BitBlt.GDI32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00CC0020), ref: 6F83B91D
                                                              • QueryPerformanceCounter.KERNEL32(?,?,?), ref: 6F83B940
                                                              Similarity
                                                              • API ID: MetricsSystem$CounterPerformanceQuery$Rect
                                                              • String ID:
                                                              • API String ID: 3217735504-0
                                                              APIs
                                                              • InflateRect.USER32(?,00000032,00000032), ref: 6F83B9B3
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83B9BE
                                                              • InflateRect.USER32(?,00000014,00000014), ref: 6F83B9F4
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83B9FF
                                                              • InflateRect.USER32(?,00000032,00000032), ref: 6F83BA3C
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83BA47
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F83BA71
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83BA77
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83BA7E
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83BA84
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83BA8B
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83BA90
                                                              • SetRect.USER32(00000000,00000000), ref: 6F83BA9D
                                                              • SetRect.USER32(?,?,?,?,?), ref: 6F83BAD7
                                                              • InflateRect.USER32(?,00000032,00000032), ref: 6F83BAE1
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83BAF0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Rect$MetricsSystem$InflateInvalidate
                                                              • String ID:
                                                              • API String ID: 2387733927-0
                                                              • Opcode ID: 61e391a952f1ccc1e0f60b967f4f75b424ba05ba8153c6c945f97c84e61e0e02
                                                              • Instruction ID: 599ffdef42f9af86afad805976bf53d64b4873f6ef8a36790f1998f9416d0eb2
                                                              • Opcode Fuzzy Hash: 61e391a952f1ccc1e0f60b967f4f75b424ba05ba8153c6c945f97c84e61e0e02
                                                              • Instruction Fuzzy Hash: 5051DCB1940208AFDB40DFA9C985BEEBBF8FF48310F554166E908EB245D774A900CFA1
                                                              APIs
                                                              • QueryPerformanceCounter.KERNEL32(?,?,75296CE0), ref: 6F83B645
                                                              • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 6F83B67A
                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 6F83B684
                                                                • Part of subcall function 6F837DA0: GdipSetSmoothingMode.GDIPLUS(?,00000004,?,?,00000000,?,?,6F83BDA0,?,00000000), ref: 6F837DB5
                                                                • Part of subcall function 6F837DA0: GetCursorPos.USER32(00000000), ref: 6F837E10
                                                                • Part of subcall function 6F837DA0: ScreenToClient.USER32(?,00000000), ref: 6F837E20
                                                                • Part of subcall function 6F837DA0: GdipDrawEllipseI.GDIPLUS(?,?,00000000,00000000,00000000,00000000,?,?,6F83BDA0,?), ref: 6F837E70
                                                              • GdipSetSmoothingMode.GDIPLUS(?,00000003,?,?), ref: 6F83B6A9
                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 6F83B6BA
                                                              • SetBkMode.GDI32(?,00000002), ref: 6F83B6C4
                                                              • SetBkColor.GDI32(?,00000000), ref: 6F83B6D2
                                                              • SelectObject.GDI32(?,?), ref: 6F83B6EA
                                                              • GetStockObject.GDI32(00000005), ref: 6F83B6EE
                                                              • SelectObject.GDI32(?,00000000), ref: 6F83B6FB
                                                              • Rectangle.GDI32(?,?,?,?,?), ref: 6F83B70F
                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 6F83B719
                                                              • SelectObject.GDI32(?,?), ref: 6F83B727
                                                              • SelectObject.GDI32(?,?), ref: 6F83B735
                                                              • Rectangle.GDI32(?,?,?,00000000,?), ref: 6F83B751
                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 6F83B763
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CounterObjectPerformanceQuery$Select$GdipMode$RectangleSmoothing$ClientColorCursorDrawEllipseScreenStock
                                                              • String ID:
                                                              • API String ID: 1040252908-0
                                                              • Opcode ID: 43ee4e4ecacd8082fa677c01e4616199ffeb87474058bb284052975a6ed468e8
                                                              • Instruction ID: e32f43d04f6fe0039cd2dda1661127b6537f78ca0f7e80f7a99fda9e5c0e7ea0
                                                              • Opcode Fuzzy Hash: 43ee4e4ecacd8082fa677c01e4616199ffeb87474058bb284052975a6ed468e8
                                                              • Instruction Fuzzy Hash: 3741D672A0091ABFDF559BA0CD49ADEFB79FF08310F008655E669A2120D735A934DB90
                                                              APIs
                                                              • DeleteObject.GDI32(00000000), ref: 6F8367C1
                                                              • GetWindowDC.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6F8367DA
                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 6F8367E1
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F8367EC
                                                              • CreateBitmap.GDI32(00000001,?,00000001,00000000,00000000), ref: 6F8367FF
                                                              • GetWindowDC.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6F83680A
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F836810
                                                              • SelectObject.GDI32(00000000,00000000), ref: 6F83681F
                                                              • CreateSolidBrush.GDI32(00808080), ref: 6F83682D
                                                              • FillRect.USER32(00000000,00000000,00000000), ref: 6F836856
                                                              • CreateCaret.USER32(?,00000000,00000000,00000000), ref: 6F83686B
                                                              • ShowCaret.USER32(?), ref: 6F836874
                                                              • SelectObject.GDI32(00000000,?), ref: 6F83687E
                                                              • DeleteObject.GDI32(00000000), ref: 6F836889
                                                              • DeleteDC.GDI32(00000000), ref: 6F836894
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F83689F
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateObject$Delete$CaretReleaseSelectWindow$BitmapBrushCapsCompatibleDeviceFillRectShowSolid
                                                              • String ID:
                                                              • API String ID: 770441394-0
                                                              • Opcode ID: bc19e62ad408684bf8cb0a47877ade6f55af0c52e4daa41785d4264214a292a9
                                                              • Instruction ID: aa4db46ffc5c10aff9d4658c5fe9aaae9a02247968d9cf8e2064a32fd3580885
                                                              • Opcode Fuzzy Hash: bc19e62ad408684bf8cb0a47877ade6f55af0c52e4daa41785d4264214a292a9
                                                              • Instruction Fuzzy Hash: E2316F31A01714AFDF405FA4C949BAE7FB8FF0A711F000495FA15AA290D7799564CBE0
                                                              APIs
                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F94993
                                                                • Part of subcall function 00F8CAC0: RegSetValueExW.KERNELBASE(?,00F88FF8,00000000,00000004,00000000,00000004,?,80000001,00000000), ref: 00F8CBD9
                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F949DD
                                                                • Part of subcall function 00F8CAC0: RegCloseKey.ADVAPI32(?,?,80000001,00000000), ref: 00F8CBED
                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F94A27
                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F94A71
                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F94ABB
                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00F94AEF
                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00F94AFC
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MessageSend$CloseErrorException@8LastThrowValue
                                                              • String ID: #Hw/$AutoClose$AutoCopy$CaptureCursor$KeepSelection$ShowBubbles
                                                              • API String ID: 3576882902-1320557885
                                                              • Opcode ID: c9e3cf6b1a58e6254ad86de64f351686f57a3d8a3a380fcde18be71cc6c5c0b7
                                                              • Instruction ID: b82d8d14c04a1d096761bd09df784b7a3fd15378b865fff27637c06cf56f46c1
                                                              • Opcode Fuzzy Hash: c9e3cf6b1a58e6254ad86de64f351686f57a3d8a3a380fcde18be71cc6c5c0b7
                                                              • Instruction Fuzzy Hash: C451D371A48304BBDB24FF54DD07F9DB7A4EB40B10F200218F9252B6D2DA75AA05EBD6
                                                              APIs
                                                              • CreatePropertySheetPageW.COMCTL32(?,?,?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A81B
                                                              • SendMessageW.USER32(00000004,00000467,00000000,00000000), ref: 00F9A840
                                                              • DestroyPropertySheetPage.COMCTL32(00000000,?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A859
                                                              • CreatePropertySheetPageW.COMCTL32(?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A862
                                                              • SendMessageW.USER32(00000004,00000467,00000000,00000000), ref: 00F9A881
                                                              • DestroyPropertySheetPage.COMCTL32(00000000,?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A89A
                                                              • CreatePropertySheetPageW.COMCTL32(?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A8A3
                                                              • SendMessageW.USER32(00000004,00000467,00000000,00000000), ref: 00F9A8C2
                                                              • DestroyPropertySheetPage.COMCTL32(00000000,?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A8DB
                                                              • CreatePropertySheetPageW.COMCTL32(?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A8E4
                                                              • SendMessageW.USER32(00000004,00000467,00000000,00000000), ref: 00F9A903
                                                              • DestroyPropertySheetPage.COMCTL32(00000000,?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A91C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: PagePropertySheet$CreateDestroyMessageSend
                                                              • String ID: #Hw/
                                                              • API String ID: 906237230-1770964375
                                                              • Opcode ID: b93a4072d5432495e1e93fa7c70bfce7b16dd467e8d73fc9f7995da16c1cc280
                                                              • Instruction ID: bfa954ef163c73d90ac574668c4d342bbe6a4addc0dbb0c9b54439bcc1f0c5bd
                                                              • Opcode Fuzzy Hash: b93a4072d5432495e1e93fa7c70bfce7b16dd467e8d73fc9f7995da16c1cc280
                                                              • Instruction Fuzzy Hash: 1151B075500708EBEB21DB65CC89FAB77ECAF45750F008919F956C3240EB35E905EB62
                                                              APIs
                                                              • new.LIBCMT ref: 00F970C3
                                                                • Part of subcall function 00F83A10: new.LIBCMT ref: 00F83A45
                                                              • new.LIBCMT ref: 00F9712E
                                                                • Part of subcall function 00FA078F: Concurrency::cancel_current_task.LIBCPMT ref: 00FA07A7
                                                                • Part of subcall function 00F818A0: new.LIBCMT ref: 00F8199B
                                                              • new.LIBCMT ref: 00F971DB
                                                              • new.LIBCMT ref: 00F97288
                                                                • Part of subcall function 00FA078F: Concurrency::cancel_current_task.LIBCPMT ref: 00FA07AE
                                                                • Part of subcall function 00F818A0: new.LIBCMT ref: 00F81A07
                                                                • Part of subcall function 00F82460: new.LIBCMT ref: 00F82474
                                                              • new.LIBCMT ref: 00F97314
                                                              • new.LIBCMT ref: 00F97369
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Concurrency::cancel_current_task
                                                              • String ID: #Hw/$app_description$app_id$app_type$attach_application$login_token
                                                              • API String ID: 118556049-3304261965
                                                              • Opcode ID: ea133007d13148b8b37205ba1dae4808036f249496351db132dfb12fae2e34d0
                                                              • Instruction ID: f886d22a515f0cc3fe78e4943e19c71ef1cca45182b04e55e968a23541b25c7d
                                                              • Opcode Fuzzy Hash: ea133007d13148b8b37205ba1dae4808036f249496351db132dfb12fae2e34d0
                                                              • Instruction Fuzzy Hash: 09D1AE70E14348DFEF10EBA8CC45BEEBBF5AF45314F144158E404AB282DB79AE45AB91
                                                              APIs
                                                              • new.LIBCMT ref: 00F96513
                                                                • Part of subcall function 00FA078F: Concurrency::cancel_current_task.LIBCPMT ref: 00FA07A7
                                                                • Part of subcall function 00F818A0: new.LIBCMT ref: 00F81A07
                                                              • new.LIBCMT ref: 00F965AF
                                                              • new.LIBCMT ref: 00F96602
                                                              • new.LIBCMT ref: 00F96669
                                                                • Part of subcall function 00FA078F: Concurrency::cancel_current_task.LIBCPMT ref: 00FA07AE
                                                              • new.LIBCMT ref: 00F963AA
                                                                • Part of subcall function 00F818A0: new.LIBCMT ref: 00F8199B
                                                              • new.LIBCMT ref: 00F963F9
                                                              • new.LIBCMT ref: 00F96466
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Concurrency::cancel_current_task
                                                              • String ID: #Hw/$2.0$jsonrpc$method$params
                                                              • API String ID: 118556049-3106959392
                                                              • Opcode ID: 38237be22ecfd5ff15b257079c2e0156c62f476375b6008c15dda9b7e7318ee9
                                                              • Instruction ID: 9d7d5c3f56dd055a590f7115ded69cfa7c4eb0f899daabe3e834f9b9d46ed5b8
                                                              • Opcode Fuzzy Hash: 38237be22ecfd5ff15b257079c2e0156c62f476375b6008c15dda9b7e7318ee9
                                                              • Instruction Fuzzy Hash: 0AD17D70D00248DFEF10EBA8C845BEEBBF5AF45314F140159E405EB291DB79AE45EBA1
                                                              APIs
                                                              • MessageBeep.USER32(00000010), ref: 6F83D6BF
                                                                • Part of subcall function 6F83BF50: IsWindow.USER32(?), ref: 6F83BFD3
                                                                • Part of subcall function 6F83BF50: RedrawWindow.USER32(?,00000000,00000000,000001A1), ref: 6F83BFEC
                                                                • Part of subcall function 6F83CC90: SHGetSpecialFolderPathW.SHELL32(00000000,6EB740BD,00000005,00000001,?,?,00000000), ref: 6F83CD73
                                                                • Part of subcall function 6F83CC90: PathFileExistsW.SHLWAPI(6F83D3C8,6EB740BD,?,?,00000000), ref: 6F83CDD7
                                                                • Part of subcall function 6F83CC90: CreateDirectoryW.KERNEL32(6F83D3C8,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6F83CDE3
                                                              • IsWindow.USER32(00000002), ref: 6F83D648
                                                              • EndDialog.USER32(00000002,00000000), ref: 6F83D657
                                                                • Part of subcall function 6F83BE90: ShowWindow.USER32(?,00000000,?,?,6F83D69C,00000001,6EB740BD,8007000E), ref: 6F83BF2B
                                                                • Part of subcall function 6F83BE90: ShowWindow.USER32(?,00000000,?,?,6F83D69C,00000001,6EB740BD,8007000E), ref: 6F83BF35
                                                                • Part of subcall function 6F83BE90: ShowWindow.USER32(?,00000000,?,?,6F83D69C,00000001,6EB740BD,8007000E), ref: 6F83BF3F
                                                              • DeleteObject.GDI32(00000000), ref: 6F83D536
                                                                • Part of subcall function 6F83BE90: IsWindow.USER32(?), ref: 6F83BEA6
                                                                • Part of subcall function 6F83BE90: IsWindow.USER32(?), ref: 6F83BEB6
                                                                • Part of subcall function 6F83BE90: ShowWindow.USER32(?,00000004,?,?,6EB740BD,8007000E), ref: 6F83BF09
                                                                • Part of subcall function 6F83BE90: ShowWindow.USER32(?,00000004), ref: 6F83BF13
                                                                • Part of subcall function 6F83D010: GetActiveWindow.USER32 ref: 6F83D17E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Show$Path$ActiveBeepCreateDeleteDialogDirectoryExistsFileFolderMessageObjectRedrawSpecial
                                                              • String ID: Format$Lightshot$Screenshot saved to %filename%. Click here to open in folder.$ShowBubbles$[[screenshot_plugin.screenshot_saved]]$image/bmp$image/jpeg$image/png
                                                              • API String ID: 2629980845-1554002028
                                                              • Opcode ID: 663569956396a6df727208fa9f6c624cc1d5c66da8f2f9b3214bd1dbdaff46f2
                                                              • Instruction ID: da9464f34dca3266e6799aa5ade45b6154255fabc3f7e34a20840cb604ce9666
                                                              • Opcode Fuzzy Hash: 663569956396a6df727208fa9f6c624cc1d5c66da8f2f9b3214bd1dbdaff46f2
                                                              • Instruction Fuzzy Hash: 45B1D272D00658ABDB04DFECC854B9DBBB5AF15318F144AD8E415AB3E1EB356900CBE2
                                                              APIs
                                                                • Part of subcall function 00F9E7C0: ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 00F9E8C7
                                                                • Part of subcall function 00F9E7C0: SetLastError.KERNEL32(0000000E), ref: 00F9E912
                                                              • MessageBoxW.USER32(?,?,?,00000000), ref: 00F9ECA2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorExecuteLastMessageShell
                                                              • String ID: #Hw/$Lightshot$Lightshot sign in error$Lightshot: Error occured while sign in. Please retry.$Signed in as:$Signin/fail$Signin/success$[[screenshot_app.signed_in_as]]$[[screenshot_app.signin_error_caption]]$[[screenshot_app.signin_error_text]]$username
                                                              • API String ID: 946588250-187117170
                                                              • Opcode ID: 99711dffb0470dae4adcbc9e96d7bebe4d81b4ff5e5ddc356429ee53e5e98ca1
                                                              • Instruction ID: eaa63c928a874e45c2e434e507463be7d074a681f7d2b4229b3546f47cb83590
                                                              • Opcode Fuzzy Hash: 99711dffb0470dae4adcbc9e96d7bebe4d81b4ff5e5ddc356429ee53e5e98ca1
                                                              • Instruction Fuzzy Hash: 6B91B570A042069BDB00EF6CCD46B9EB7B5AF85324F148268F415A72D2DB759D04EBA2
                                                              APIs
                                                              • GdipCreateBitmapFromHBITMAP.GDIPLUS(0000005A,00000000,?,6EB740BD), ref: 6F832DE6
                                                              • GdipGetImageWidth.GDIPLUS(00000000,6F83DEA4), ref: 6F832E1A
                                                              • GdipGetImageHeight.GDIPLUS(00000000,00000000), ref: 6F832E31
                                                              • __floor_pentium4.LIBCMT ref: 6F832E68
                                                              • __floor_pentium4.LIBCMT ref: 6F832EB3
                                                              • GdipCreateBitmapFromScan0.GDIPLUS(00000000,00000000,00000000,00022009,00000000,000000FF), ref: 6F832EF9
                                                              • GdipGetImageGraphicsContext.GDIPLUS(00000000,6F8590CD), ref: 6F832F14
                                                              • GdipDrawImageRectRect.GDIPLUS(00000000,00000000), ref: 6F832F89
                                                              • GdipDeleteGraphics.GDIPLUS(00000000), ref: 6F832FD6
                                                              • GdipDisposeImage.GDIPLUS(?), ref: 6F832FE5
                                                              • GdipDisposeImage.GDIPLUS(00000000), ref: 6F832FE8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$Image$BitmapCreateDisposeFromGraphicsRect__floor_pentium4$ContextDeleteDrawHeightScan0Width
                                                              • String ID: image/jpeg
                                                              • API String ID: 2855176925-3785015651
                                                              • Opcode ID: 875a26e76cb969bfaaf3f3df7e2a5d1afbe4813b8c38ee5e630a1f347332e2a7
                                                              • Instruction ID: faa4ee8e63213835351b8323ecb16d681b54efdc94995ba7346d5d70321c5083
                                                              • Opcode Fuzzy Hash: 875a26e76cb969bfaaf3f3df7e2a5d1afbe4813b8c38ee5e630a1f347332e2a7
                                                              • Instruction Fuzzy Hash: A681F2B1D04619EFCB04CFA9D9887EEBBB4FB48310F144699E855B7280D734A924CBA5
                                                              APIs
                                                                • Part of subcall function 00F91290: SetRectEmpty.USER32(?), ref: 00F91304
                                                              • GetDC.USER32(00000000), ref: 00F90609
                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00F9061E
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F90623
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00F9062D
                                                              • MulDiv.KERNEL32(00000010,00000060,00000060), ref: 00F9063E
                                                              • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Calibri), ref: 00F90667
                                                              • MulDiv.KERNEL32(00000012,00000000,00000060), ref: 00F90673
                                                              • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Calibri), ref: 00F90696
                                                              • MulDiv.KERNEL32(00000024,00000000,00000060), ref: 00F906A2
                                                              • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Calibri), ref: 00F906C5
                                                              • CreateSolidBrush.GDI32(00FFFFFF), ref: 00F906CF
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Create$Font$CapsDevice$BrushEmptyRectReleaseSolid
                                                              • String ID: Calibri
                                                              • API String ID: 3408407208-1409258342
                                                              • Opcode ID: 63873985288bd766c1ec2e4100397e74011620d38e1392dc0fbcfbe6cc304c7d
                                                              • Instruction ID: 98d5998e02a3b4fdd19bce208fabfb31e235b9344f751a145f57d50b771365f6
                                                              • Opcode Fuzzy Hash: 63873985288bd766c1ec2e4100397e74011620d38e1392dc0fbcfbe6cc304c7d
                                                              • Instruction Fuzzy Hash: 9D41EDB0780304BAFB209F51CC9BF963AA4AB44B10F254168FA087E2C5D7F5A4049B99
                                                              APIs
                                                              • InflateRect.USER32(?,00000014,00000014), ref: 6F83B9F4
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83B9FF
                                                              • InflateRect.USER32(?,00000032,00000032), ref: 6F83BA3C
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83BA47
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F83BA71
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83BA77
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83BA7E
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83BA84
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83BA8B
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83BA90
                                                              • SetRect.USER32(00000000,00000000), ref: 6F83BA9D
                                                              • SetRect.USER32(?,?,?,?,?), ref: 6F83BAD7
                                                              • InflateRect.USER32(?,00000032,00000032), ref: 6F83BAE1
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83BAF0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Rect$MetricsSystem$InflateInvalidate
                                                              • String ID:
                                                              • API String ID: 2387733927-0
                                                              • Opcode ID: 1155e376b2118e4d64106b26b87acffbb1c3a38c41215d955597d73d406c7e5d
                                                              • Instruction ID: e2806ed6ced629d8020fa74c305ec902ad92f5161be8ccf9ec5eabc703e9d88c
                                                              • Opcode Fuzzy Hash: 1155e376b2118e4d64106b26b87acffbb1c3a38c41215d955597d73d406c7e5d
                                                              • Instruction Fuzzy Hash: A441EC71940208AFDB50DFA8CD85FEEBBB8EF48310F054465EA09EB285D7759910CFA1
                                                              APIs
                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 6F832791
                                                              • GdipCreateBitmapFromHBITMAP.GDIPLUS(00000000,00000000,?), ref: 6F8327BD
                                                              • GdipCreateImageAttributes.GDIPLUS ref: 6F8328C9
                                                              • GdipSetImageAttributesColorMatrix.GDIPLUS(?,00000001,00000001,?,00000000,00000000), ref: 6F8328E4
                                                              • GdipGetImagePixelFormat.GDIPLUS(00000000,?), ref: 6F8328FD
                                                              • GdipCreateBitmapFromScan0.GDIPLUS(00000000,00000000,00000000,?,00000000,?), ref: 6F83291A
                                                              • GdipGetImageGraphicsContext.GDIPLUS(00000000,?), ref: 6F832932
                                                              • GdipDrawImageRectRectI.GDIPLUS(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000002,00000000,00000000,00000000), ref: 6F83295C
                                                              • GdipCreateHBITMAPFromBitmap.GDIPLUS(00000000,?,000000FF), ref: 6F83296A
                                                              • GdipDeleteGraphics.GDIPLUS(?), ref: 6F83297B
                                                              • GdipDisposeImage.GDIPLUS(00000000), ref: 6F832988
                                                              • GdipDisposeImageAttributes.GDIPLUS(?), ref: 6F83298E
                                                              • GdipDisposeImage.GDIPLUS(00000000), ref: 6F832995
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$Image$Create$AttributesBitmapDisposeFrom$GraphicsRect$ColorContextDeleteDrawFormatMatrixObjectPixelScan0
                                                              • String ID:
                                                              • API String ID: 2725278192-0
                                                              • Opcode ID: 77e5b63218b9e4aa75ea5e3fdcba662e0c626c9dd6ca89badf483dd6a4224866
                                                              • Instruction ID: 40028c8866739774436bf268fb27b78625173d29762d89bc114ff64de50d5bdd
                                                              • Opcode Fuzzy Hash: 77e5b63218b9e4aa75ea5e3fdcba662e0c626c9dd6ca89badf483dd6a4224866
                                                              • Instruction Fuzzy Hash: E661E3B1108340AFE760CF11C848B9BBBE8FF89714F10490DF5989A290D7B59918CF92
                                                              APIs
                                                              • ___free_lconv_mon.LIBCMT ref: 6F8191E1
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F819790
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F8197A2
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F8197B4
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F8197C6
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F8197D8
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F8197EA
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F8197FC
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F81980E
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F819820
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F819832
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F819844
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F819856
                                                                • Part of subcall function 6F819773: _free.LIBCMT ref: 6F819868
                                                              • _free.LIBCMT ref: 6F8191D6
                                                                • Part of subcall function 6F8169EA: HeapFree.KERNEL32(00000000,00000000,?,6F819908,00000000,00000000,00000000,00000000,?,6F81992F,00000000,00000007,00000000,?,6F819335,00000000), ref: 6F816A00
                                                                • Part of subcall function 6F8169EA: GetLastError.KERNEL32(00000000,?,6F819908,00000000,00000000,00000000,00000000,?,6F81992F,00000000,00000007,00000000,?,6F819335,00000000,00000000), ref: 6F816A12
                                                              • _free.LIBCMT ref: 6F8191F8
                                                              • _free.LIBCMT ref: 6F81920D
                                                              • _free.LIBCMT ref: 6F819218
                                                              • _free.LIBCMT ref: 6F81923A
                                                              • _free.LIBCMT ref: 6F81924D
                                                              • _free.LIBCMT ref: 6F81925B
                                                              • _free.LIBCMT ref: 6F819266
                                                              • _free.LIBCMT ref: 6F81929E
                                                              • _free.LIBCMT ref: 6F8192A5
                                                              • _free.LIBCMT ref: 6F8192C2
                                                              • _free.LIBCMT ref: 6F8192DA
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                              • String ID:
                                                              • API String ID: 161543041-0
                                                              • Opcode ID: a2361e8bfae89e1782c54e3702daaaddff84890703146c7363e48b4adeb024b0
                                                              • Instruction ID: 52754c5cf66af5853fbc00684bdb36e5aee6e2773737d36eac66c52ac40e4883
                                                              • Opcode Fuzzy Hash: a2361e8bfae89e1782c54e3702daaaddff84890703146c7363e48b4adeb024b0
                                                              • Instruction Fuzzy Hash: 5E313E31A0C302AFEB15DA78D845F9673E9FF01315F104EAAE8A9DF1A4DB35F8908610
                                                              APIs
                                                              • ___free_lconv_mon.LIBCMT ref: 6F8520B3
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F8542BB
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F8542CD
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F8542DF
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F8542F1
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F854303
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F854315
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F854327
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F854339
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F85434B
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F85435D
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F85436F
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F854381
                                                                • Part of subcall function 6F85429E: _free.LIBCMT ref: 6F854393
                                                              • _free.LIBCMT ref: 6F8520A8
                                                                • Part of subcall function 6F84E72A: HeapFree.KERNEL32(00000000,00000000,?,6F854433,00000008,00000000,00000008,00000000,?,6F85445A,00000008,00000007,00000008,?,6F852207,00000008), ref: 6F84E740
                                                                • Part of subcall function 6F84E72A: GetLastError.KERNEL32(00000008,?,6F854433,00000008,00000000,00000008,00000000,?,6F85445A,00000008,00000007,00000008,?,6F852207,00000008,00000008), ref: 6F84E752
                                                              • _free.LIBCMT ref: 6F8520CA
                                                              • _free.LIBCMT ref: 6F8520DF
                                                              • _free.LIBCMT ref: 6F8520EA
                                                              • _free.LIBCMT ref: 6F85210C
                                                              • _free.LIBCMT ref: 6F85211F
                                                              • _free.LIBCMT ref: 6F85212D
                                                              • _free.LIBCMT ref: 6F852138
                                                              • _free.LIBCMT ref: 6F852170
                                                              • _free.LIBCMT ref: 6F852177
                                                              • _free.LIBCMT ref: 6F852194
                                                              • _free.LIBCMT ref: 6F8521AC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                              • String ID:
                                                              • API String ID: 161543041-0
                                                              • Opcode ID: 14e9db93a28b004b9d28eedba7e0348dbf6b8e2a3338349266535856feb8b592
                                                              • Instruction ID: a09690a29922f9cf007f137269d6f8e305f67c645d383a982f4e2bcbfc68848c
                                                              • Opcode Fuzzy Hash: 14e9db93a28b004b9d28eedba7e0348dbf6b8e2a3338349266535856feb8b592
                                                              • Instruction Fuzzy Hash: B2314031644305AFEB549B39D840B9673E9FF00364F104CAAE499DF190DF35B9A4CB14
                                                              APIs
                                                              • ___free_lconv_mon.LIBCMT ref: 6CF3D8E8
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F39A
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F3AC
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F3BE
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F3D0
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F3E2
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F3F4
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F406
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F418
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F42A
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F43C
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F44E
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F460
                                                                • Part of subcall function 6CF3F37D: _free.LIBCMT ref: 6CF3F472
                                                              • _free.LIBCMT ref: 6CF3D8DD
                                                                • Part of subcall function 6CF39945: HeapFree.KERNEL32(00000000,00000000,?,6CF3F512,?,00000000,?,00000000,?,6CF3F539,?,00000007,?,?,6CF3DA3C,?), ref: 6CF3995B
                                                                • Part of subcall function 6CF39945: GetLastError.KERNEL32(?,?,6CF3F512,?,00000000,?,00000000,?,6CF3F539,?,00000007,?,?,6CF3DA3C,?,?), ref: 6CF3996D
                                                              • _free.LIBCMT ref: 6CF3D8FF
                                                              • _free.LIBCMT ref: 6CF3D914
                                                              • _free.LIBCMT ref: 6CF3D91F
                                                              • _free.LIBCMT ref: 6CF3D941
                                                              • _free.LIBCMT ref: 6CF3D954
                                                              • _free.LIBCMT ref: 6CF3D962
                                                              • _free.LIBCMT ref: 6CF3D96D
                                                              • _free.LIBCMT ref: 6CF3D9A5
                                                              • _free.LIBCMT ref: 6CF3D9AC
                                                              • _free.LIBCMT ref: 6CF3D9C9
                                                              • _free.LIBCMT ref: 6CF3D9E1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                              • String ID:
                                                              • API String ID: 161543041-0
                                                              • Opcode ID: 03899ae3687ff22e3caa694b5ed595dc499ed096805f7e9bb4db0bd951ac396c
                                                              • Instruction ID: 66e72007ff977a483e15a951b699d2af72928c1dfb4b70114b3e30a4d77bc554
                                                              • Opcode Fuzzy Hash: 03899ae3687ff22e3caa694b5ed595dc499ed096805f7e9bb4db0bd951ac396c
                                                              • Instruction Fuzzy Hash: F2318031606324BFEB51CA75D844B8A73F8EF01368F206519E49CD7A50DF31E944CB91
                                                              APIs
                                                                • Part of subcall function 6F8315F0: GetProcessHeap.KERNEL32(?), ref: 6F831623
                                                                • Part of subcall function 6F8315F0: __Init_thread_footer.LIBCMT ref: 6F83164E
                                                                • Part of subcall function 6F8315F0: __Init_thread_footer.LIBCMT ref: 6F83168F
                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,6EB740BD,00000005,00000001,?,?,00000000), ref: 6F83CD73
                                                              • PathFileExistsW.SHLWAPI(6F83D3C8,6EB740BD,?,?,00000000), ref: 6F83CDD7
                                                              • CreateDirectoryW.KERNEL32(6F83D3C8,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6F83CDE3
                                                                • Part of subcall function 6F8311A0: __CxxThrowException@8.LIBVCRUNTIME ref: 6F8311B2
                                                              • PathFileExistsW.SHLWAPI(?,6F83D3C8,00000000,?,?,?,?,?,00000000), ref: 6F83CEAA
                                                              • PathCombineW.SHLWAPI(?,6F83D3C8,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 6F83CF14
                                                              • PathFileExistsW.SHLWAPI(?), ref: 6F83CF79
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Path$ExistsFile$Init_thread_footer$CombineCreateDirectoryException@8FolderHeapProcessSpecialThrow
                                                              • String ID: Format$LastSavedDir$Lightshot$Screenshot_%d$Screenshot_1
                                                              • API String ID: 851241551-473916289
                                                              • Opcode ID: 02f04a8a5eb3e7897c7f15d97a3daf68ea2b2ae9247346918b633e8dcf98d169
                                                              • Instruction ID: 3fa782d5ccd900d85531b7074e9a2f692a220e1ecf7f529f730e228ac6e90601
                                                              • Opcode Fuzzy Hash: 02f04a8a5eb3e7897c7f15d97a3daf68ea2b2ae9247346918b633e8dcf98d169
                                                              • Instruction Fuzzy Hash: CDB1B171E01615AFDB04CFECC848B9EFBF5AF45314F1485A8E405EB2A1EB75A904CBA1
                                                              APIs
                                                              • MessageBeep.USER32(00000010), ref: 6F83DFB3
                                                                • Part of subcall function 6F83BF50: IsWindow.USER32(?), ref: 6F83BFD3
                                                                • Part of subcall function 6F83BF50: RedrawWindow.USER32(?,00000000,00000000,000001A1), ref: 6F83BFEC
                                                              • IsWindow.USER32(00000002), ref: 6F83DCF3
                                                                • Part of subcall function 6F83BE90: IsWindow.USER32(?), ref: 6F83BEA6
                                                                • Part of subcall function 6F83BE90: IsWindow.USER32(?), ref: 6F83BEB6
                                                                • Part of subcall function 6F83BE90: ShowWindow.USER32(?,00000004,?,?,6EB740BD,8007000E), ref: 6F83BF09
                                                                • Part of subcall function 6F83BE90: ShowWindow.USER32(?,00000004), ref: 6F83BF13
                                                              • EndDialog.USER32(00000002,00000000), ref: 6F83DD0B
                                                                • Part of subcall function 6F832DA0: GdipCreateBitmapFromHBITMAP.GDIPLUS(0000005A,00000000,?,6EB740BD), ref: 6F832DE6
                                                                • Part of subcall function 6F832DA0: GdipGetImageWidth.GDIPLUS(00000000,6F83DEA4), ref: 6F832E1A
                                                                • Part of subcall function 6F832DA0: GdipGetImageHeight.GDIPLUS(00000000,00000000), ref: 6F832E31
                                                                • Part of subcall function 6F832DA0: __floor_pentium4.LIBCMT ref: 6F832E68
                                                                • Part of subcall function 6F832DA0: GdipCreateBitmapFromScan0.GDIPLUS(00000000,00000000,00000000,00022009,00000000,000000FF), ref: 6F832EF9
                                                                • Part of subcall function 6F832DA0: GdipGetImageGraphicsContext.GDIPLUS(00000000,6F8590CD), ref: 6F832F14
                                                              • DeleteObject.GDI32(?), ref: 6F83DEA8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Gdip$Image$BitmapCreateFromShow$BeepContextDeleteDialogGraphicsHeightMessageObjectRedrawScan0Width__floor_pentium4
                                                              • String ID: .bmp$.jpeg$.png$UploadFormat$image/bmp$image/jpeg$image/png
                                                              • API String ID: 1480929586-3066708931
                                                              • Opcode ID: 45e0b256d25cea0a78304cb0f25dbc7bbddf0a3ab83ee91c49c0ce0131e9ce7c
                                                              • Instruction ID: a6725e86f4b7399c547e549067150867933202c8b908b50b9b1bfc630b1fce4b
                                                              • Opcode Fuzzy Hash: 45e0b256d25cea0a78304cb0f25dbc7bbddf0a3ab83ee91c49c0ce0131e9ce7c
                                                              • Instruction Fuzzy Hash: 08A1A072D00658EBDB04DFECC844B9DBBB4AF15314F144AD9E415AB3E1DB74AA04CBA1
                                                              APIs
                                                              • IsWindow.USER32(?), ref: 6F847ADE
                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000004,00000000,Calibri), ref: 6F847BD7
                                                                • Part of subcall function 6F835D50: GetWindowTextLengthW.USER32 ref: 6F835D5A
                                                                • Part of subcall function 6F835D50: GetWindowTextW.USER32(?,00000000,00000001), ref: 6F835D8A
                                                              • GetWindowRect.USER32(?), ref: 6F847B26
                                                              • ScreenToClient.USER32(00000002,00000000), ref: 6F847B37
                                                              • ScreenToClient.USER32(00000002,?), ref: 6F847B49
                                                              • SendMessageW.USER32(?,000000B2,00000000,?), ref: 6F847B6E
                                                              • OffsetRect.USER32(?,00000000,00000000), ref: 6F847B7B
                                                              • ShowWindow.USER32(?,00000000,?,?,?), ref: 6F847B89
                                                              • DestroyWindow.USER32(?,?,?,?), ref: 6F847B95
                                                              • SetFocus.USER32(00000000,?,?,?), ref: 6F847BAB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$ClientRectScreenText$CreateDestroyFocusFontLengthMessageOffsetSendShow
                                                              • String ID: Calibri
                                                              • API String ID: 980692318-1409258342
                                                              • Opcode ID: 9ca84f4c66fa1c9039ac790ac6bfaad9aa39e72f41c31e3bd03de0c056ae7517
                                                              • Instruction ID: 7fc03493759fafbb82ca1c98cd055e777509704b5d676c28ea3833f97cb7a4d5
                                                              • Opcode Fuzzy Hash: 9ca84f4c66fa1c9039ac790ac6bfaad9aa39e72f41c31e3bd03de0c056ae7517
                                                              • Instruction Fuzzy Hash: 13310671200A06AFDB10CF55CC49F9ABBF4BF09720F008559B6099BAA0D774F864CBD5
                                                              APIs
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00000022,?), ref: 00F9A213
                                                              • GetLastError.KERNEL32(?,00000022,?), ref: 00F9A21D
                                                              • EnterCriticalSection.KERNEL32(?,?,00000022,?), ref: 00F9A279
                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,00000022,?), ref: 00F9A293
                                                              • GetModuleFileNameW.KERNEL32(00F80000,?,00000104,?,00000022,?), ref: 00F9A2E1
                                                              • GetModuleHandleW.KERNEL32(00000000,?), ref: 00F9A362
                                                                • Part of subcall function 00F98570: EnterCriticalSection.KERNEL32(00FC1EFC,?,00000000,00F99FFD), ref: 00F9857E
                                                                • Part of subcall function 00F98570: LeaveCriticalSection.KERNEL32(00FC1EFC,?,00000000,00F99FFD), ref: 00F9858D
                                                                • Part of subcall function 00F98570: DeleteCriticalSection.KERNEL32(00FC1EFC,?,00000000,00F99FFD), ref: 00F9859E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeaveModule$CountDeleteErrorFileHandleInitializeLastNameSpin
                                                              • String ID: #Hw/$Module$Module_Raw$REGISTRY
                                                              • API String ID: 3413592682-1616802580
                                                              • Opcode ID: 6203c343db0371cde7ecf37797e323675558e918faf00e073e53d1822b0b7d13
                                                              • Instruction ID: b15cddb6e59eb0bff8404c8278dc3118272e5fbc61899f87389e02307ad03982
                                                              • Opcode Fuzzy Hash: 6203c343db0371cde7ecf37797e323675558e918faf00e073e53d1822b0b7d13
                                                              • Instruction Fuzzy Hash: 92714172A003288BDF60DB54DC45BE9B3B8AF56310F0401E9E909E7651EE399E84DF92
                                                              APIs
                                                              • GetWindowDC.USER32(00000000), ref: 6F811A56
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F811A62
                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 6F811A74
                                                              • SelectObject.GDI32(00000000,00000000), ref: 6F811A87
                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,40CC0020), ref: 6F811AA6
                                                              • SelectObject.GDI32(00000000,00000000), ref: 6F811AB1
                                                              • DeleteDC.GDI32(00000000), ref: 6F811ADD
                                                              • ReleaseDC.USER32(00000000,?), ref: 6F811AE8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CompatibleCreateObjectSelect$BitmapDeleteReleaseWindow
                                                              • String ID: $l)u
                                                              • API String ID: 1797509002-417278073
                                                              • Opcode ID: f10d3bb520286ac0650626575d11311dbcd8205189bf740420ab454f7c373e44
                                                              • Instruction ID: 50578bc83d56c5ff109ed354818731e74140197b11e52463cbc7f974ba2ec46b
                                                              • Opcode Fuzzy Hash: f10d3bb520286ac0650626575d11311dbcd8205189bf740420ab454f7c373e44
                                                              • Instruction Fuzzy Hash: 50814170A0470AEFEF14CFA4C949BAEBBB9FF49714F104699E915AF240D775A900CB60
                                                              APIs
                                                              • GetDlgCtrlID.USER32(?), ref: 00F924C6
                                                              • GetDlgCtrlID.USER32(?), ref: 00F924D5
                                                              • GetParent.USER32(FFFFFFFE), ref: 00F924DC
                                                              • SendMessageW.USER32(00000000,0000004E,00000000,?), ref: 00F924EA
                                                              • GetDlgCtrlID.USER32(?), ref: 00F92504
                                                              • GetParent.USER32(?), ref: 00F9250F
                                                              • SendMessageW.USER32(00000000,00000111,?,?), ref: 00F92522
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Ctrl$MessageParentSend
                                                              • String ID: open
                                                              • API String ID: 1194393872-2758837156
                                                              • Opcode ID: 47debe5a6cb5a66e2d11390d462e23f3555b066631214e2f21f27ef5cdf6f1aa
                                                              • Instruction ID: 335f5ae1f39560e2587cc6eb5b9d1fa8112b1a6d42cc58c1088c3566edc06e48
                                                              • Opcode Fuzzy Hash: 47debe5a6cb5a66e2d11390d462e23f3555b066631214e2f21f27ef5cdf6f1aa
                                                              • Instruction Fuzzy Hash: 0721F976A80209BBDB105B69ED8ABD5BFE5FB09321F040346F918D3190C7779820EF91
                                                              APIs
                                                              • FreeLibrary.KERNEL32(00000000,00000000,00000000,6F84116C,?,00000000), ref: 6F84148C
                                                              • FreeLibrary.KERNEL32(00000000,00000000,00000000,6F84116C,?,00000000), ref: 6F84149C
                                                              • LoadLibraryW.KERNEL32(D3d9.dll,00000000,00000000,6F84116C,?,00000000), ref: 6F8414C5
                                                              • GetProcAddress.KERNEL32(00000000,Direct3DCreate9), ref: 6F8414DD
                                                              • LoadLibraryW.KERNEL32(d3dx9_32.dll,?,00000000), ref: 6F8414EB
                                                              • GetProcAddress.KERNEL32(00000000,D3DXSaveSurfaceToFileW), ref: 6F8414FE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Library$AddressFreeLoadProc
                                                              • String ID: D3DXSaveSurfaceToFileW$D3d9.dll$Direct3DCreate9$d3dx9_32.dll
                                                              • API String ID: 145871493-2847385910
                                                              • Opcode ID: c75b29057c7300ce4ae25dd039d41a13831d8afa8b5480cd6cfcbac341957641
                                                              • Instruction ID: 8fb778c0128ae6f676511fb373613630f1b9c747e86dda7df10eac055b92be57
                                                              • Opcode Fuzzy Hash: c75b29057c7300ce4ae25dd039d41a13831d8afa8b5480cd6cfcbac341957641
                                                              • Instruction Fuzzy Hash: FF1130B0600B059FEB649F76C818B53BBE8AF44754F118D5DD4A6DBA50EB74E410CF90
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Show$ClientScreen
                                                              • String ID:
                                                              • API String ID: 3017843203-0
                                                              • Opcode ID: 80857b791da19e6e7aa8c10601e5bc0bdd64dd9930b9205161ca49d41ddd92d5
                                                              • Instruction ID: fe29a2d80ad101f69d062a3398cea438c345998fbdb144042f598ff853c31766
                                                              • Opcode Fuzzy Hash: 80857b791da19e6e7aa8c10601e5bc0bdd64dd9930b9205161ca49d41ddd92d5
                                                              • Instruction Fuzzy Hash: 8F413E71604704AFD711DF78CC41BAAB7E5FF45714F004A6EE89A8A2A1DB32F911CB91
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Show$ClientScreen
                                                              • String ID:
                                                              • API String ID: 3017843203-0
                                                              • Opcode ID: 260c77627a00dd744876c6bdacebd9930c6c83cf8d05373b6859d2f96f0d0ac7
                                                              • Instruction ID: c49172bbf118e1f8145255415210a9996923830495aa612d38f914d7c8237da8
                                                              • Opcode Fuzzy Hash: 260c77627a00dd744876c6bdacebd9930c6c83cf8d05373b6859d2f96f0d0ac7
                                                              • Instruction Fuzzy Hash: D2413E71604714AFD711DF38CC45BAAB7E5FF45714F004A6EE89A8A2A0DB32F911CB91
                                                              APIs
                                                              • GetWindowDC.USER32(00000000,?,?,?,?,?,6F83BC57,?), ref: 6F83BB3C
                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 6F83BB43
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F83BB4E
                                                              • CreateBitmap.GDI32(6F83BC57,?,00000001,00000000,00000000), ref: 6F83BB6D
                                                              • GetWindowDC.USER32(00000000,?,?,6F83BC57,?), ref: 6F83BB7A
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F83BB80
                                                              • SelectObject.GDI32(00000000,?), ref: 6F83BB91
                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,00000000,?,6F83BC57,?,00CC0020), ref: 6F83BBB6
                                                              • SelectObject.GDI32(00000000,00000000), ref: 6F83BBBE
                                                              • DeleteDC.GDI32(00000000), ref: 6F83BBC5
                                                              • ReleaseDC.USER32(00000000,?), ref: 6F83BBD0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateObjectReleaseSelectWindow$BitmapCapsCompatibleDeleteDevice
                                                              • String ID:
                                                              • API String ID: 846909467-0
                                                              • Opcode ID: 7ea79b148cd8e392ed546971796fb2b63d236f0a5c527dcaa779dc4d58540df8
                                                              • Instruction ID: 23301ea97b42f015b7f2087ac8e9688de5aaaf41ae32c3d57d627fbdd01bd29b
                                                              • Opcode Fuzzy Hash: 7ea79b148cd8e392ed546971796fb2b63d236f0a5c527dcaa779dc4d58540df8
                                                              • Instruction Fuzzy Hash: 6F21D776900208AFDF50DFA8C985FAEBBF8FB49710F100599F618E7240D7759921DB90
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00FA5DFE,00FA5DFE,?,?,?,00FB0A64,00000001,00000001,9AE85006), ref: 00FB086D
                                                              • __alloca_probe_16.LIBCMT ref: 00FB08A5
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00FB0A64,00000001,00000001,9AE85006,?,?,?), ref: 00FB08F3
                                                              • __alloca_probe_16.LIBCMT ref: 00FB098A
                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,9AE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00FB09ED
                                                              • __freea.LIBCMT ref: 00FB09FA
                                                                • Part of subcall function 00FAC703: HeapAlloc.KERNEL32(00000000,00FA030B,00F812B1,?,00FA2ED1,00F812B3,00F812B1,?,00F812B1,?,00FA0201,00FA030B,00F812B5,00F812B1,00F812B1,00F812B1), ref: 00FAC735
                                                              • __freea.LIBCMT ref: 00FB0A03
                                                              • __freea.LIBCMT ref: 00FB0A28
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                              • String ID: #Hw/
                                                              • API String ID: 2597970681-1770964375
                                                              • Opcode ID: 8f944e12897c65aa62ef0e52fca731aa026e5e1cc69d7ad9772ea0da75f00ce2
                                                              • Instruction ID: 6b632dea71d740985c1a3cd40fbdab62732543117e7a385b421a9e7de942289d
                                                              • Opcode Fuzzy Hash: 8f944e12897c65aa62ef0e52fca731aa026e5e1cc69d7ad9772ea0da75f00ce2
                                                              • Instruction Fuzzy Hash: 2B51A072A1021AAFEB258E66CC81FEF77A9EB44760F154629FD05D7141EF38DC40EA90
                                                              APIs
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00000022,?), ref: 6F847253
                                                              • GetLastError.KERNEL32(?,00000022,?), ref: 6F84725D
                                                              • EnterCriticalSection.KERNEL32(?,?,00000022,?), ref: 6F8472B9
                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,00000022,?), ref: 6F8472D3
                                                              • GetModuleFileNameW.KERNEL32(6F830000,?,00000104,?,00000022,?), ref: 6F847321
                                                              • GetModuleHandleW.KERNEL32(00000000,?), ref: 6F8473A2
                                                                • Part of subcall function 6F8455A0: EnterCriticalSection.KERNEL32(6F8620BC,?,00000000,6F84703D), ref: 6F8455AE
                                                                • Part of subcall function 6F8455A0: LeaveCriticalSection.KERNEL32(6F8620BC,?,00000000,6F84703D), ref: 6F8455BD
                                                                • Part of subcall function 6F8455A0: DeleteCriticalSection.KERNEL32(6F8620BC,?,00000000,6F84703D), ref: 6F8455CE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeaveModule$CountDeleteErrorFileHandleInitializeLastNameSpin
                                                              • String ID: Module$Module_Raw$REGISTRY
                                                              • API String ID: 3413592682-549000027
                                                              • Opcode ID: 3b4057c504c3e548953a4c652cd78a80838245941bd9514f89e78fc836d05eea
                                                              • Instruction ID: aa08b45a2ad2e974155cb15cb57882c6e287cfd5c09adf45435d438546509cf4
                                                              • Opcode Fuzzy Hash: 3b4057c504c3e548953a4c652cd78a80838245941bd9514f89e78fc836d05eea
                                                              • Instruction Fuzzy Hash: 07714272A0072C9BCB64DB58CC40BDDB3B8AF55314F4105EAE909AB640DB359E94CF91
                                                              APIs
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00000022,?), ref: 6CF2D643
                                                              • GetLastError.KERNEL32(?,00000022,?), ref: 6CF2D64D
                                                              • EnterCriticalSection.KERNEL32(?,?,00000022,?), ref: 6CF2D6A9
                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,00000022,?), ref: 6CF2D6C3
                                                              • GetModuleFileNameW.KERNEL32(6CF20000,?,00000104,?,00000022,?), ref: 6CF2D711
                                                              • GetModuleHandleW.KERNEL32(00000000,?), ref: 6CF2D792
                                                                • Part of subcall function 6CF2B970: EnterCriticalSection.KERNEL32(6CF4CECC,?,00000000,6CF2D42D), ref: 6CF2B97E
                                                                • Part of subcall function 6CF2B970: LeaveCriticalSection.KERNEL32(6CF4CECC,?,00000000,6CF2D42D), ref: 6CF2B98D
                                                                • Part of subcall function 6CF2B970: DeleteCriticalSection.KERNEL32(6CF4CECC,?,00000000,6CF2D42D), ref: 6CF2B99E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeaveModule$CountDeleteErrorFileHandleInitializeLastNameSpin
                                                              • String ID: Module$Module_Raw$REGISTRY
                                                              • API String ID: 3413592682-549000027
                                                              • Opcode ID: f5ea2cfa32bb5997deec5d2b344f40877f8149644b4a51d15423dda550e77864
                                                              • Instruction ID: ea68b0fb492e3934f21f17ba59e8827d5fde0b73dc9650730a81963b910c33e7
                                                              • Opcode Fuzzy Hash: f5ea2cfa32bb5997deec5d2b344f40877f8149644b4a51d15423dda550e77864
                                                              • Instruction Fuzzy Hash: 36715572A013289BDB60DB94CC44BDA77B8AF55314F1041E9E90DA7A40DB399E88CF92
                                                              APIs
                                                              • ShellExecuteW.SHELL32(00000000,open,74DF3170,00000000,00000000,00000001), ref: 6CF2A9E2
                                                              • PostMessageW.USER32(00000001,00000012,00000000,00000000), ref: 6CF2AA08
                                                              Strings
                                                              • https://www.facebook.com/sharer.php?u=, xrefs: 6CF2A8D3
                                                              • &media=, xrefs: 6CF2A936
                                                              • https://vk.com/share.php?url=, xrefs: 6CF2A905
                                                              • open, xrefs: 6CF2A9DB
                                                              • https://twitter.com/home?source=Lightshot&status=, xrefs: 6CF2A870
                                                              • %20, xrefs: 6CF2A87E
                                                              • https://pinterest.com/pin/create/button/?url=, xrefs: 6CF2A928
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ExecuteMessagePostShell
                                                              • String ID: %20$&media=$https://pinterest.com/pin/create/button/?url=$https://twitter.com/home?source=Lightshot&status=$https://vk.com/share.php?url=$https://www.facebook.com/sharer.php?u=$open
                                                              • API String ID: 2650313982-2817892253
                                                              • Opcode ID: 7114f622387cbf8b9c971155827ae0d4d2a63b2e47addf83e79dc411a31d7722
                                                              • Instruction ID: 29495d8a0d76cc2af73196541c1edbf1c4ffb82eec9ce5289b1f209fbc1b7ffd
                                                              • Opcode Fuzzy Hash: 7114f622387cbf8b9c971155827ae0d4d2a63b2e47addf83e79dc411a31d7722
                                                              • Instruction Fuzzy Hash: 4B81AF30A01545DBD700CBA8C848B9EFBB5EF55328F14C269E415DB7A2EB39DE09CB91
                                                              APIs
                                                                • Part of subcall function 00F884E0: EnterCriticalSection.KERNEL32(?,77E44823,?,?,?,80004005), ref: 00F88515
                                                                • Part of subcall function 00F884E0: LeaveCriticalSection.KERNEL32(?,?,?,?,80004005), ref: 00F88577
                                                                • Part of subcall function 00F884E0: SetEvent.KERNEL32(?,?,?,?,80004005), ref: 00F88580
                                                                • Part of subcall function 00F8E040: GetTickCount.KERNEL32 ref: 00F8E0A5
                                                              • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 00F9E8C7
                                                              • SetLastError.KERNEL32(0000000E), ref: 00F9E912
                                                                • Part of subcall function 00F935A0: GetCurrentThreadId.KERNEL32 ref: 00F935B5
                                                                • Part of subcall function 00F935A0: EnterCriticalSection.KERNEL32(00FCC684), ref: 00F935C3
                                                                • Part of subcall function 00F935A0: LeaveCriticalSection.KERNEL32(00FCC684), ref: 00F935DC
                                                              • DialogBoxParamW.USER32(0000006E,?,00F9F7E0,00000000,?), ref: 00F9E94A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$CountCurrentDialogErrorEventExecuteLastParamShellThreadTick
                                                              • String ID: #Hw$#Hw/$Signin/try$app/attach_app.php?id=$https://prntscr.com/$open
                                                              • API String ID: 3360402780-2982044817
                                                              • Opcode ID: e69d828b1eb8041422da383e83bb89a6abb797779b3e86ef0bc89c798b65c6ac
                                                              • Instruction ID: f493b13fd35d0534583322e29b6fd69a52d95791c0857a1a719c70ce78431802
                                                              • Opcode Fuzzy Hash: e69d828b1eb8041422da383e83bb89a6abb797779b3e86ef0bc89c798b65c6ac
                                                              • Instruction Fuzzy Hash: 8951B431A01249DFEB10DB68CC46FD9B7B4EF85324F1482A8E4199B2D1DB749D40DF91
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(00FCC684,00000000,?,?), ref: 00FA0057
                                                              • GetClassInfoExW.USER32(00000000,?,?), ref: 00FA008F
                                                              • GetClassInfoExW.USER32(?,00000030), ref: 00FA00A2
                                                              • LeaveCriticalSection.KERNEL32(00FCC684), ref: 00FA00AD
                                                              • LoadCursorW.USER32(00F80000,?), ref: 00FA00ED
                                                              • GetClassInfoExW.USER32(?,?,?), ref: 00FA0138
                                                              • LeaveCriticalSection.KERNEL32(00FCC684), ref: 00FA0157
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ClassCriticalInfoSection$Leave$CursorEnterLoad
                                                              • String ID: 0$ATL:%p
                                                              • API String ID: 3175245581-2453800769
                                                              • Opcode ID: 5e19976a0a2be0fe65bd9f1171cccf0947f1fbbcbfd61e0ac1d97aedbb7e3bf4
                                                              • Instruction ID: 112b7cc9852b7e1979502808db4e6b8b4226ad959cf1d6f9ffc43ee4844d783d
                                                              • Opcode Fuzzy Hash: 5e19976a0a2be0fe65bd9f1171cccf0947f1fbbcbfd61e0ac1d97aedbb7e3bf4
                                                              • Instruction Fuzzy Hash: BB417F75A00209DFDF14DF54E9C5AAA7BB8FF09320F4041A9ED099B255EB71D840EF91
                                                              APIs
                                                              • WaitForSingleObject.KERNEL32(?,00000000,77E44823,?,?,?,?,00FB6CB0,000000FF,?,00F8825B), ref: 00F882BD
                                                              • TerminateThread.KERNEL32(?,00000000,?,?,?,?,00FB6CB0,000000FF,?,00F8825B), ref: 00F882CF
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00FB6CB0,000000FF,?,00F8825B), ref: 00F882D8
                                                              • CloseHandle.KERNEL32(?,77E44823,?,?,?,?,00FB6CB0,000000FF,?,00F8825B), ref: 00F882E4
                                                              • DeleteCriticalSection.KERNEL32(?,?,?,?,?,00FB6CB0,000000FF,?,00F8825B), ref: 00F882EA
                                                              • WaitForSingleObject.KERNEL32(?,00000000,?,?,?,?,00FB6CB0,000000FF,?,00F8825B), ref: 00F8833D
                                                              • TerminateThread.KERNEL32(?,00000000,?,?,?,?,00FB6CB0,000000FF,?,00F8825B), ref: 00F8834F
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00FB6CB0,000000FF,?,00F8825B), ref: 00F88358
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                               • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                               • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                               • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                               • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                               • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle$ObjectSingleTerminateThreadWait$CriticalDeleteSection
                                                              • String ID: #Hw/
                                                              • API String ID: 2158937055-1770964375
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,6F846E03,?), ref: 6F8450CA
                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 6F8450DA
                                                              • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 6F845102
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,6F846E03,?), ref: 6F845127
                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 6F845137
                                                              • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 6F845179
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                               • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressDeleteHandleModuleProc
                                                              • String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
                                                              • API String ID: 588496660-1053001802
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,6CF2D1F3,?), ref: 6CF2B48A
                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 6CF2B49A
                                                              • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 6CF2B4C2
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,6CF2D1F3,?), ref: 6CF2B4E7
                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 6CF2B4F7
                                                              • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 6CF2B539
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                               • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                               • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                               • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                               • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                               • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressDeleteHandleModuleProc
                                                              • String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
                                                              • API String ID: 588496660-1053001802
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,00F99DC3,?), ref: 00F9808A
                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 00F9809A
                                                              • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 00F980C2
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,00F99DC3,?), ref: 00F980E7
                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F980F7
                                                              • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 00F98139
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                               • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                               • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                               • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                               • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                               • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressDeleteHandleModuleProc
                                                              • String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
                                                              • API String ID: 588496660-1053001802
                                                              APIs
                                                                • Part of subcall function 6F8349B0: GetSystemMetrics.USER32(0000004F), ref: 6F8349D8
                                                                • Part of subcall function 6F8349B0: GetSystemMetrics.USER32(0000004D), ref: 6F8349DE
                                                                • Part of subcall function 6F8349B0: GetSystemMetrics.USER32(0000004E), ref: 6F8349E5
                                                                • Part of subcall function 6F8349B0: GetSystemMetrics.USER32(0000004C), ref: 6F8349EB
                                                                • Part of subcall function 6F8349B0: GetSystemMetrics.USER32(0000004D), ref: 6F8349F2
                                                                • Part of subcall function 6F8349B0: GetSystemMetrics.USER32(0000004C), ref: 6F8349F7
                                                                • Part of subcall function 6F8349B0: SetRect.USER32(?,00000000), ref: 6F8349FB
                                                              • IntersectRect.USER32(00000000,?,?), ref: 6F840868
                                                              • IntersectRect.USER32(00000000,?,?), ref: 6F8408A3
                                                              • IntersectRect.USER32(00000000,?,?), ref: 6F8408C0
                                                              • ClientToScreen.USER32(?,?), ref: 6F8408E5
                                                              • ClientToScreen.USER32(?,?), ref: 6F8408F2
                                                              • ClientToScreen.USER32(?,?), ref: 6F8408FD
                                                              • ClientToScreen.USER32(?,6F83BEFB), ref: 6F84090A
                                                              • GetSystemMetrics.USER32(00000050), ref: 6F84090E
                                                              • MoveWindow.USER32(00000002,?,?,?,?,00000001), ref: 6F840948
                                                              • MoveWindow.USER32(00000002,?,?,6F83BEFB,?,00000001), ref: 6F840966
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                               • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$ClientRectScreen$Intersect$MoveWindow
                                                              • String ID:
                                                              • API String ID: 91665355-0
                                                              APIs
                                                              • GetWindowRect.USER32(?,?), ref: 6F844101
                                                              • ScreenToClient.USER32(?,?), ref: 6F844118
                                                              • ScreenToClient.USER32(?,?), ref: 6F844126
                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 6F844151
                                                              • GdipCreateFromHDC.GDIPLUS ref: 6F844171
                                                              • GdipDrawImageRectI.GDIPLUS(?,00000000,00000000,00000000,?,?), ref: 6F8441A6
                                                              • BeginPaint.USER32(?,?), ref: 6F8441B4
                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 6F8441D1
                                                              • EndPaint.USER32(?,?), ref: 6F8441DF
                                                              • GdipDeleteGraphics.GDIPLUS(?), ref: 6F8441E6
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                               • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$ClientPaintRectScreen$BeginCreateDeleteDrawFromGraphicsImageWindow
                                                              • String ID:
                                                              • API String ID: 140011580-0
                                                              APIs
                                                              • GetWindowRect.USER32(00000002,?), ref: 6F842E41
                                                              • ScreenToClient.USER32(00000002,?), ref: 6F842E58
                                                              • ScreenToClient.USER32(00000002,?), ref: 6F842E66
                                                              • BitBlt.GDI32(?,00000000,00000000,00000000,?,00000000,?,?,00CC0020), ref: 6F842E97
                                                              • GdipCreateFromHDC.GDIPLUS ref: 6F842EB7
                                                              • GdipDrawImageRectI.GDIPLUS(?,00000000,00000000,00000000,00000000,00000000), ref: 6F842EDD
                                                              • BeginPaint.USER32(00000002,?), ref: 6F842EEB
                                                              • BitBlt.GDI32(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00CC0020), ref: 6F842F08
                                                              • EndPaint.USER32(00000002,?), ref: 6F842F12
                                                              • GdipDeleteGraphics.GDIPLUS(?), ref: 6F842F19
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                               • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$ClientPaintRectScreen$BeginCreateDeleteDrawFromGraphicsImageWindow
                                                              • String ID:
                                                              • API String ID: 140011580-0
                                                              APIs
                                                              • GetWindowRect.USER32(?,?), ref: 6F8399A1
                                                              • ScreenToClient.USER32(?,?), ref: 6F8399B8
                                                              • ScreenToClient.USER32(?,?), ref: 6F8399C6
                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 6F8399F7
                                                              • GdipCreateFromHDC.GDIPLUS ref: 6F839A17
                                                              • GdipDrawImageRectI.GDIPLUS(?,00000000,00000000,00000000,00000000,00000000), ref: 6F839A3D
                                                              • BeginPaint.USER32(?,?), ref: 6F839A4B
                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 6F839A68
                                                              • EndPaint.USER32(?,?), ref: 6F839A72
                                                              • GdipDeleteGraphics.GDIPLUS(?), ref: 6F839A79
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                               • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                               • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$ClientPaintRectScreen$BeginCreateDeleteDrawFromGraphicsImageWindow
                                                              • String ID:
                                                              • API String ID: 140011580-0
                                                              APIs
                                                              • _free.LIBCMT ref: 6F816F12
                                                                • Part of subcall function 6F8169EA: HeapFree.KERNEL32(00000000,00000000,?,6F819908,00000000,00000000,00000000,00000000,?,6F81992F,00000000,00000007,00000000,?,6F819335,00000000), ref: 6F816A00
                                                                • Part of subcall function 6F8169EA: GetLastError.KERNEL32(00000000,?,6F819908,00000000,00000000,00000000,00000000,?,6F81992F,00000000,00000007,00000000,?,6F819335,00000000,00000000), ref: 6F816A12
                                                              • _free.LIBCMT ref: 6F816F1E
                                                              • _free.LIBCMT ref: 6F816F29
                                                              • _free.LIBCMT ref: 6F816F34
                                                              • _free.LIBCMT ref: 6F816F3F
                                                              • _free.LIBCMT ref: 6F816F4A
                                                              • _free.LIBCMT ref: 6F816F55
                                                              • _free.LIBCMT ref: 6F816F60
                                                              • _free.LIBCMT ref: 6F816F6B
                                                              • _free.LIBCMT ref: 6F816F79
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                               • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                               • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                               • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                               • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                               • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              APIs
                                                              • _free.LIBCMT ref: 6F84F25D
                                                                • Part of subcall function 6F84E72A: HeapFree.KERNEL32(00000000,00000000,?,6F854433,00000008,00000000,00000008,00000000,?,6F85445A,00000008,00000007,00000008,?,6F852207,00000008), ref: 6F84E740
                                                                • Part of subcall function 6F84E72A: GetLastError.KERNEL32(00000008,?,6F854433,00000008,00000000,00000008,00000000,?,6F85445A,00000008,00000007,00000008,?,6F852207,00000008,00000008), ref: 6F84E752
                                                              • _free.LIBCMT ref: 6F84F269
                                                              • _free.LIBCMT ref: 6F84F274
                                                              • _free.LIBCMT ref: 6F84F27F
                                                              • _free.LIBCMT ref: 6F84F28A
                                                              • _free.LIBCMT ref: 6F84F295
                                                              • _free.LIBCMT ref: 6F84F2A0
                                                              • _free.LIBCMT ref: 6F84F2AB
                                                              • _free.LIBCMT ref: 6F84F2B6
                                                              • _free.LIBCMT ref: 6F84F2C4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 3211427935abfc0233e119832db19ca1a40929ed0d95ae89be41cbca8cf95bfb
                                                              • Instruction ID: 864f8b0c44b04c0c3e96e1df4c5d8e7f0343a2183f520b6572589a6732d035be
                                                              • Opcode Fuzzy Hash: 3211427935abfc0233e119832db19ca1a40929ed0d95ae89be41cbca8cf95bfb
                                                              • Instruction Fuzzy Hash: 7511C87A50020CBFCB01DFA8D851CDD3BA5EF043A4B4194E5F9888F261EB31EE519B84
                                                              APIs
                                                              • _free.LIBCMT ref: 6CF3AA72
                                                                • Part of subcall function 6CF39945: HeapFree.KERNEL32(00000000,00000000,?,6CF3F512,?,00000000,?,00000000,?,6CF3F539,?,00000007,?,?,6CF3DA3C,?), ref: 6CF3995B
                                                                • Part of subcall function 6CF39945: GetLastError.KERNEL32(?,?,6CF3F512,?,00000000,?,00000000,?,6CF3F539,?,00000007,?,?,6CF3DA3C,?,?), ref: 6CF3996D
                                                              • _free.LIBCMT ref: 6CF3AA7E
                                                              • _free.LIBCMT ref: 6CF3AA89
                                                              • _free.LIBCMT ref: 6CF3AA94
                                                              • _free.LIBCMT ref: 6CF3AA9F
                                                              • _free.LIBCMT ref: 6CF3AAAA
                                                              • _free.LIBCMT ref: 6CF3AAB5
                                                              • _free.LIBCMT ref: 6CF3AAC0
                                                              • _free.LIBCMT ref: 6CF3AACB
                                                              • _free.LIBCMT ref: 6CF3AAD9
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 5c9e5c54450328ec775e76c6f1b6a288d130ac2e56092355399e0da686f201b3
                                                              • Instruction ID: 1fe6af17e34dd628efb7bf11d6eb7f57d02213c644e914915161a1ab2cad262c
                                                              • Opcode Fuzzy Hash: 5c9e5c54450328ec775e76c6f1b6a288d130ac2e56092355399e0da686f201b3
                                                              • Instruction Fuzzy Hash: B311B376102118FFCB42DF96C881CDD3BA5EF05264B1190A5BA4C8FA21DF32EB58DB81
                                                              APIs
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              • GetWindowDC.USER32(00000000,0000000C,00000000,?,?,00000000,?), ref: 00F88BF6
                                                              • GetDeviceCaps.GDI32(00000000), ref: 00F88BFD
                                                              • GetSystemMetrics.USER32(0000004F), ref: 00F88C1D
                                                              • GetSystemMetrics.USER32(0000004E), ref: 00F88C22
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$CapsDeviceErrorException@8HeapLastProcessThrowWindow
                                                              • String ID: #Hw/$%dx%d$ga_first_time$ga_unique_id
                                                              • API String ID: 4021136651-2000399386
                                                              • Opcode ID: 4faa74c64ad7d4493be4082087340374af1595c46ad7946534b48e92fe14f401
                                                              • Instruction ID: e9a2c8cd4b85dd51f85c9adc80dba55408f4cdc2a733ec3e842072fc5079377c
                                                              • Opcode Fuzzy Hash: 4faa74c64ad7d4493be4082087340374af1595c46ad7946534b48e92fe14f401
                                                              • Instruction Fuzzy Hash: 2FD1D371A04245EBD704FB68CC06BDEBBA4EF54364F14826CE419EB292EF34D905DBA1
                                                              APIs
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000), ref: 6F846F53
                                                              • GetLastError.KERNEL32 ref: 6F846F5D
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6F846FB9
                                                              • LeaveCriticalSection.KERNEL32(?,?,?), ref: 6F846FD3
                                                              • GetModuleFileNameW.KERNEL32(6F830000,?,00000104), ref: 6F847021
                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 6F8470A2
                                                                • Part of subcall function 6F8489E0: ___report_securityfailure.LIBCMT ref: 6F8489E5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Module$CountEnterErrorFileHandleInitializeLastLeaveNameSpin___report_securityfailure
                                                              • String ID: Module$Module_Raw
                                                              • API String ID: 1102918649-3885325121
                                                              • Opcode ID: 94459779fa9b68faf810da06ad9e6f41dd919bcfda5d87bdbc15b42fb4033758
                                                              • Instruction ID: efaad0ebc48f4da3248e5f8975d576520458a25b05c6dfb1248d8332b897bb15
                                                              • Opcode Fuzzy Hash: 94459779fa9b68faf810da06ad9e6f41dd919bcfda5d87bdbc15b42fb4033758
                                                              • Instruction Fuzzy Hash: 35714271A0172C9BCB64DF58CC407DDB3B8AF56314F4005EAD809AB640DB35AE94CF92
                                                              APIs
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000), ref: 6CF2D343
                                                              • GetLastError.KERNEL32 ref: 6CF2D34D
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CF2D3A9
                                                              • LeaveCriticalSection.KERNEL32(?,?,?), ref: 6CF2D3C3
                                                              • GetModuleFileNameW.KERNEL32(6CF20000,?,00000104), ref: 6CF2D411
                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 6CF2D492
                                                                • Part of subcall function 6CF31703: ___report_securityfailure.LIBCMT ref: 6CF31708
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Module$CountEnterErrorFileHandleInitializeLastLeaveNameSpin___report_securityfailure
                                                              • String ID: Module$Module_Raw
                                                              • API String ID: 1102918649-3885325121
                                                              • Opcode ID: 63b90eb51e36da99dfdf6907576d312b6d38e6da8eb83a19fb44d603bba2df54
                                                              • Instruction ID: f6c42f7c65f3b2a4d804e1e034ed6484fcada6dc22bb41c6aa2b19c76be0e126
                                                              • Opcode Fuzzy Hash: 63b90eb51e36da99dfdf6907576d312b6d38e6da8eb83a19fb44d603bba2df54
                                                              • Instruction Fuzzy Hash: DF715872A013288BCB60DB94DC447DD73B8EF55314F1045E9E909A7A40DB395F88CF92
                                                              APIs
                                                                • Part of subcall function 00F8D5B0: SetLastError.KERNEL32(00000000), ref: 00F8D619
                                                                • Part of subcall function 00F8D5B0: GetModuleFileNameW.KERNEL32(00F80000,00000010,000007D0), ref: 00F8D64A
                                                                • Part of subcall function 00F8D5B0: GetLastError.KERNEL32 ref: 00F8D65A
                                                                • Part of subcall function 00F8D5B0: GetModuleFileNameW.KERNEL32(?,00000010,00002710), ref: 00F8D699
                                                                • Part of subcall function 00F8D5B0: GetLastError.KERNEL32 ref: 00F8D6AA
                                                              • PathFileExistsW.SHLWAPI(?,77E44823), ref: 00F8D76D
                                                              • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00F8D789
                                                              • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 00F8D7CD
                                                              • VerQueryValueW.VERSION(00000000,\StringFileInfo\000004b0\ProductName,?,?), ref: 00F8D80B
                                                              • VerQueryValueW.VERSION(00000000,\StringFileInfo\000004b0\ProductVersion,00000000,00000000), ref: 00F8D81F
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                              Strings
                                                              • \StringFileInfo\000004b0\ProductName, xrefs: 00F8D7F0
                                                              • \StringFileInfo\000004b0\ProductVersion, xrefs: 00F8D819
                                                              • #Hw/, xrefs: 00F8D727
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: File$ErrorLast$InfoModuleNameQueryValueVersion$ExistsHeapPathProcessSize
                                                              • String ID: #Hw/$\StringFileInfo\000004b0\ProductName$\StringFileInfo\000004b0\ProductVersion
                                                              • API String ID: 3929940758-1741590051
                                                              • Opcode ID: f437f7e5186314b9d98312583b742e496421bd81137ee541942f8c364ba5faa4
                                                              • Instruction ID: e8ac3bba504af2c2e76a155cca01a9dad2e10191996517d90af39760e9da7a48
                                                              • Opcode Fuzzy Hash: f437f7e5186314b9d98312583b742e496421bd81137ee541942f8c364ba5faa4
                                                              • Instruction Fuzzy Hash: AA516E71D00209AFDB10EBA8CD45BDEBBB8EF45324F244258E815B72D1DB74AD05DBA1
                                                              APIs
                                                              • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00FB3872,?,00000000,?,00000000,00000000), ref: 00FB313F
                                                              • __fassign.LIBCMT ref: 00FB31BA
                                                              • __fassign.LIBCMT ref: 00FB31D5
                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00FB31FB
                                                              • WriteFile.KERNEL32(?,?,00000000,00FB3872,00000000,?,?,?,?,?,?,?,?,?,00FB3872,?), ref: 00FB321A
                                                              • WriteFile.KERNEL32(?,?,00000001,00FB3872,00000000,?,?,?,?,?,?,?,?,?,00FB3872,?), ref: 00FB3253
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                              • String ID: #Hw/
                                                              • API String ID: 1324828854-1770964375
                                                              • Opcode ID: 18a6a01902a5bf4c0c38989c44403c8727526493da1e8ed1d9f76a4de6967bfb
                                                              • Instruction ID: 473a9d3546c6ff86898a15442fdd77c6ca703c9ee8cca137917be48fdc32647c
                                                              • Opcode Fuzzy Hash: 18a6a01902a5bf4c0c38989c44403c8727526493da1e8ed1d9f76a4de6967bfb
                                                              • Instruction Fuzzy Hash: 8F51C5B5E402099FDB10CFA9DC85AEEBBF8EF09310F14422AE956E7251D7309A44DF61
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000060,77E44823), ref: 00F98740
                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 00F98752
                                                              • FindResourceW.KERNEL32(00000000,?,?), ref: 00F98779
                                                              • LoadResource.KERNEL32(00000000,00000000), ref: 00F98791
                                                                • Part of subcall function 00F87210: GetLastError.KERNEL32(00F8726A,?,?,?,?,00000000), ref: 00F87210
                                                              • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 00F98856
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: LibraryLoad$Resource$ErrorFindFreeLast
                                                              • String ID: #Hw/
                                                              • API String ID: 328770362-1770964375
                                                              • Opcode ID: 80df366bb3478c84137a3e7dcd948e000be35f251630948a93952567bf26b31c
                                                              • Instruction ID: bba9ea87e693d01b4e446f4ccc693ad99f1ff272e46c39e35772559b2aed872d
                                                              • Opcode Fuzzy Hash: 80df366bb3478c84137a3e7dcd948e000be35f251630948a93952567bf26b31c
                                                              • Instruction Fuzzy Hash: 064195B2D0021C9BDF219F54CC44BEE77B4FB49750F5041A9F509A3241DB359E81AFA5
                                                              APIs
                                                              • IsWindow.USER32(?), ref: 6F844967
                                                              • DestroyWindow.USER32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,6F85A708,000000FF), ref: 6F844974
                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,80000003,80000000,80000000,00000000,00000000,?,00000000,00000000), ref: 6F8449BE
                                                              • GetParent.USER32(?), ref: 6F844A1B
                                                              • SendMessageW.USER32(?,00000432,00000000,?), ref: 6F844A54
                                                              • SendMessageW.USER32(?,00000418,00000000,0000012C), ref: 6F844A65
                                                              • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 6F844A73
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MessageSendWindow$CreateDestroyParent
                                                              • String ID: tooltips_class32
                                                              • API String ID: 4257097765-1918224756
                                                              • Opcode ID: f8b1d3296a03cd3880e5a9b61bfb9aa62f55578bf9d3c079ee825b6bb9c0fff1
                                                              • Instruction ID: 428607d6a364645df708290abf98089650b090d971a16f0429a2a9d546401919
                                                              • Opcode Fuzzy Hash: f8b1d3296a03cd3880e5a9b61bfb9aa62f55578bf9d3c079ee825b6bb9c0fff1
                                                              • Instruction Fuzzy Hash: 2B416071A40608AFDF44CF69CC85B99BBB9FF45724F1081A9E904AB2D0D774A911CF94
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(6F86A5A4,00000000,00000002,?), ref: 6F836BC7
                                                              • GetClassInfoExW.USER32(00000000,00000000,?), ref: 6F836BFF
                                                              • GetClassInfoExW.USER32(00000000,00000030), ref: 6F836C12
                                                              • LeaveCriticalSection.KERNEL32(6F86A5A4), ref: 6F836C1D
                                                              • LoadCursorW.USER32(6F830000,?), ref: 6F836C5D
                                                              • GetClassInfoExW.USER32(00000000,00000000,?), ref: 6F836CA8
                                                              • LeaveCriticalSection.KERNEL32(6F86A5A4), ref: 6F836CC7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ClassCriticalInfoSection$Leave$CursorEnterLoad
                                                              • String ID: ATL:%p
                                                              • API String ID: 3175245581-4171052921
                                                              APIs
                                                              • PathFileExistsW.SHLWAPI(00000000,?,00000000,C3D2D3B7,00000000,00000000,?,?), ref: 6CF252FB
                                                              • LoadLibraryW.KERNEL32(00000000,?,00000000,C3D2D3B7,00000000,00000000,?,?), ref: 6CF25308
                                                              • GetProcAddress.KERNEL32(00000000,SetCustomProxyExp), ref: 6CF25320
                                                              • GetProcAddress.KERNEL32(00000000,UrlReadToString), ref: 6CF2532C
                                                              • GetProcAddress.KERNEL32(00000000,PostExp), ref: 6CF25338
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressProc$ExistsFileLibraryLoadPath
                                                              • String ID: PostExp$SetCustomProxyExp$UrlReadToString
                                                              • API String ID: 3006711067-3005783805
                                                              APIs
                                                              • DecodePointer.KERNEL32(?,00000002,?,6F8480A0,6F8695D8,?,?,?,6F8425EA,00000000,00000000,?,?,00000000,6F85A4E8,000000FF), ref: 6F847D30
                                                              • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,00000002,?,6F8480A0,6F8695D8,?,?,?,6F8425EA,00000000,00000000,?), ref: 6F847D48
                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,6F85A4E8,000000FF), ref: 6F847DC4
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: DecodePointer$LibraryLoad
                                                              • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                              • API String ID: 1423960858-1745123996
                                                              APIs
                                                              • DecodePointer.KERNEL32(?,00000001,?,6CF32895,6CF53038,?,?,?,6CF28CC0,?,00000000,00000000,?,?,6CF28B92), ref: 6CF32525
                                                              • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,00000001,?,6CF32895,6CF53038,?,?,?,6CF28CC0,?,00000000,00000000), ref: 6CF3253D
                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CF28B92), ref: 6CF325B9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: DecodePointer$LibraryLoad
                                                              • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                              • API String ID: 1423960858-1745123996
                                                              APIs
                                                              • SendMessageW.USER32(?,00000143,00000000,PNG), ref: 00F939AD
                                                              • SendMessageW.USER32(?,00000151,00000000,00000001), ref: 00F939BC
                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F939CF
                                                              • SendMessageW.USER32(?,00000143,00000000,JPEG), ref: 00F939E0
                                                              • SendMessageW.USER32(?,00000151,00000000,00000002), ref: 00F939EF
                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00F93A02
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: JPEG$PNG
                                                              • API String ID: 3850602802-2386712348
                                                              APIs
                                                              • TrackMouseEvent.USER32 ref: 6F83F6F8
                                                              • IsRectEmpty.USER32(?), ref: 6F83F73D
                                                              • InflateRect.USER32(00000002,00000064,00000064), ref: 6F83F754
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83F764
                                                              • IsWindow.USER32(?), ref: 6F83F797
                                                              • IsWindow.USER32(?), ref: 6F83F7A3
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83F7B7
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83F7C1
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83F7CB
                                                                • Part of subcall function 6F837C80: UnionRect.USER32(00000000,00000000,00000000), ref: 6F837CF4
                                                                • Part of subcall function 6F837C80: UnionRect.USER32(00000000,00000000,00000000), ref: 6F837D5E
                                                                • Part of subcall function 6F837C80: UnionRect.USER32(?,00000000,00000000), ref: 6F837D84
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Rect$Window$ShowUnion$EmptyEventInflateInvalidateMouseTrack
                                                              • String ID:
                                                              • API String ID: 1039055163-0
                                                              APIs
                                                              • IsWindow.USER32(?), ref: 6F83FAB8
                                                              • IsWindow.USER32(?), ref: 6F83FAC4
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83FAD8
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83FAE2
                                                              • ShowWindow.USER32(?,00000000), ref: 6F83FAEC
                                                              • IsRectEmpty.USER32(?), ref: 6F83FB63
                                                              • InflateRect.USER32(?,00000064,00000064), ref: 6F83FB76
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83FB86
                                                              • PtInRect.USER32(?,?,?), ref: 6F83FBC7
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Rect$Show$EmptyInflateInvalidate
                                                              • String ID:
                                                              • API String ID: 3931723411-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Global$FreeUnlock$DeleteObject$Select
                                                              • String ID:
                                                              • API String ID: 1815509150-0
                                                              APIs
                                                              • IsRectEmpty.USER32(?), ref: 6F83E089
                                                              • InflateRect.USER32(00000064,00000064,00000064), ref: 6F83E0A8
                                                              • InvalidateRect.USER32(?,00000000,00000000,?,?,?), ref: 6F83E0B4
                                                              • IsRectEmpty.USER32(?), ref: 6F83E0FB
                                                              • InflateRect.USER32(?,00000064,00000064), ref: 6F83E10E
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83E11A
                                                              • UpdateWindow.USER32(?), ref: 6F83E126
                                                              • RedrawWindow.USER32(?,00000000,00000000,00000121), ref: 6F83E141
                                                              • RedrawWindow.USER32(?,00000000,00000000,00000121), ref: 6F83E152
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Rect$Window$EmptyInflateInvalidateRedraw$Update
                                                              • String ID:
                                                              • API String ID: 4025079481-0
                                                              APIs
                                                                • Part of subcall function 6F840A40: EnumDisplayMonitors.USER32(00000000,00000000,6F840980,?,00000000,75BF4000), ref: 6F840A6A
                                                                • Part of subcall function 6F840A40: CreateRectRgnIndirect.GDI32(00000000), ref: 6F840A74
                                                                • Part of subcall function 6F840A40: CreateRectRgnIndirect.GDI32(00000000), ref: 6F840A91
                                                                • Part of subcall function 6F840A40: CombineRgn.GDI32(?,?,00000000,00000002), ref: 6F840AA1
                                                                • Part of subcall function 6F840A40: DeleteObject.GDI32(00000000), ref: 6F840AAC
                                                              • RectInRegion.GDI32(00000000,?), ref: 6F840AFD
                                                              • RectInRegion.GDI32(00000000,?), ref: 6F840B07
                                                              • GetSystemMetrics.USER32(00000000), ref: 6F840B1A
                                                              • GetSystemMetrics.USER32(00000001), ref: 6F840B23
                                                              • SetRect.USER32(?,?,?,00000000,00000000), ref: 6F840B44
                                                              • OffsetRect.USER32(?,000000FB,000000FB), ref: 6F840B51
                                                              • SetRect.USER32(?,?,?,?,?), ref: 6F840B86
                                                              • OffsetRect.USER32(?,000000FB,000000FB), ref: 6F840B8D
                                                              • DeleteObject.GDI32(?), ref: 6F840B98
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Rect$CreateDeleteIndirectMetricsObjectOffsetRegionSystem$CombineDisplayEnumMonitors
                                                              • String ID:
                                                              • API String ID: 1353633225-0
                                                              • Opcode ID: 1fdde95cd361966109f1580ad15c8335a92ef3b35b2a29915486507be6f491a3
                                                              • Instruction ID: d4a68e2a3600ffc5128d1075f436af9f43ba55b012654807c4ec424896649633
                                                              • Opcode Fuzzy Hash: 1fdde95cd361966109f1580ad15c8335a92ef3b35b2a29915486507be6f491a3
                                                              • Instruction Fuzzy Hash: 33214172604219AFDB00DFACCC80E6ABBECEF593247158699F915DB251CA74FC11CBA0
                                                              APIs
                                                              • GetWindowRect.USER32 ref: 6F8358D1
                                                              • GetSystemMetrics.USER32 ref: 6F8358FF
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F835905
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83590C
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F835912
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F835919
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83591E
                                                              • SetRect.USER32(00000000,00000000,?,?,0000004F), ref: 6F835926
                                                              • SetWindowPos.USER32(?,00000000,?,00000000,00000000,00000000,00000005,?,?,0000004F,?,?,?,00000000), ref: 6F83596B
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$RectWindow
                                                              • String ID:
                                                              • API String ID: 3640328222-0
                                                              • Opcode ID: 72ab06ef93400124a26383328c9ef5284f2dd8ca73c867c06e18662a840795d1
                                                              • Instruction ID: b49bbec538087a27a933ca163d27c48fa877909bd818350d21747b861b352993
                                                              • Opcode Fuzzy Hash: 72ab06ef93400124a26383328c9ef5284f2dd8ca73c867c06e18662a840795d1
                                                              • Instruction Fuzzy Hash: 26214BB1608300AFE7109F64CC49B6BBBE4EFC8724F014A5DFA98962C0D7749914CB96
                                                              APIs
                                                                • Part of subcall function 6F83BF50: IsWindow.USER32(?), ref: 6F83BFD3
                                                                • Part of subcall function 6F83BF50: RedrawWindow.USER32(?,00000000,00000000,000001A1), ref: 6F83BFEC
                                                                • Part of subcall function 6F83B960: InflateRect.USER32(?,00000032,00000032), ref: 6F83B9B3
                                                                • Part of subcall function 6F83B960: InvalidateRect.USER32(?,?,00000000), ref: 6F83B9BE
                                                                • Part of subcall function 6F83B960: InflateRect.USER32(?,00000014,00000014), ref: 6F83B9F4
                                                                • Part of subcall function 6F83B960: InvalidateRect.USER32(?,?,00000000), ref: 6F83B9FF
                                                                • Part of subcall function 6F83B960: InflateRect.USER32(?,00000032,00000032), ref: 6F83BA3C
                                                                • Part of subcall function 6F83B960: InvalidateRect.USER32(?,?,00000000), ref: 6F83BA47
                                                                • Part of subcall function 6F83B960: GetSystemMetrics.USER32(0000004F), ref: 6F83BA71
                                                                • Part of subcall function 6F83B960: GetSystemMetrics.USER32(0000004D), ref: 6F83BA77
                                                                • Part of subcall function 6F83B960: GetSystemMetrics.USER32(0000004E), ref: 6F83BA7E
                                                                • Part of subcall function 6F83B960: GetSystemMetrics.USER32(0000004C), ref: 6F83BA84
                                                                • Part of subcall function 6F83B960: GetSystemMetrics.USER32(0000004D), ref: 6F83BA8B
                                                              • SetRectEmpty.USER32(?), ref: 6F83C9E8
                                                              • SetRectEmpty.USER32(?), ref: 6F83C9EB
                                                                • Part of subcall function 6F843050: GetDC.USER32(00000000), ref: 6F843074
                                                                • Part of subcall function 6F843050: GetDeviceCaps.GDI32(00000000,00000058), ref: 6F843089
                                                                • Part of subcall function 6F843050: GetDeviceCaps.GDI32(00000000,0000005A), ref: 6F843090
                                                                • Part of subcall function 6F843050: ReleaseDC.USER32(00000000,00000000), ref: 6F843095
                                                                • Part of subcall function 6F843050: MulDiv.KERNEL32(00000003,00000060,00000060), ref: 6F8430A4
                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 6F83CA02
                                                              • SetCursor.USER32(00000000,?,?,?,?,6F8403B3), ref: 6F83CA09
                                                              • IsWindow.USER32(?), ref: 6F83CA2A
                                                              • IsWindow.USER32(?), ref: 6F83CA36
                                                              • ShowWindow.USER32(?,00000000,?,?,?,?,6F8403B3), ref: 6F83CA4A
                                                              • ShowWindow.USER32(?,00000000,?,?,?,?,6F8403B3), ref: 6F83CA54
                                                              • ShowWindow.USER32(?,00000000,?,?,?,?,6F8403B3), ref: 6F83CA5E
                                                                • Part of subcall function 6F835670: GetCursorPos.USER32(?), ref: 6F83568B
                                                                • Part of subcall function 6F835670: ScreenToClient.USER32(00000000,00000000), ref: 6F835698
                                                                • Part of subcall function 6F835670: ClientToScreen.USER32(00000000,?), ref: 6F8356B1
                                                                • Part of subcall function 6F835670: SendMessageW.USER32(00000000,00000412,00000000), ref: 6F8356D4
                                                                • Part of subcall function 6F835670: SendMessageW.USER32(00000000,00000411,00000001), ref: 6F8356E6
                                                                • Part of subcall function 6F835670: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 6F8356FB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: RectWindow$MetricsSystem$CursorInflateInvalidateShow$CapsClientDeviceEmptyMessageScreenSend$LoadRedrawRelease
                                                              • String ID:
                                                              • API String ID: 806430772-0
                                                              • Opcode ID: 09b7cac5aad46032ee52a4f67ac5737fc348f1468ed280d68e6e295790ad3e80
                                                              • Instruction ID: 6c79ac973f0fcff5c410c5c40ceaad8b866100738abfc33c00de5115e163e9a2
                                                              • Opcode Fuzzy Hash: 09b7cac5aad46032ee52a4f67ac5737fc348f1468ed280d68e6e295790ad3e80
                                                              • Instruction Fuzzy Hash: 9911A172B006296BDF045BB5CC49BEA7F58EF41761F0406F6AD08AF1A5DB647820CAE4
                                                              APIs
                                                                • Part of subcall function 6CF21460: GetProcessHeap.KERNEL32 ref: 6CF21493
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF214BE
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF2153C
                                                                • Part of subcall function 6CF21800: __CxxThrowException@8.LIBVCRUNTIME ref: 6CF21812
                                                              • GetWindowDC.USER32(00000000,0000000C,?,6CF4AA54,6CF4AA54,00000000), ref: 6CF235FB
                                                              • GetDeviceCaps.GDI32(00000000), ref: 6CF23602
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6CF23621
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6CF23626
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Init_thread_footerMetricsSystem$CapsDeviceException@8HeapProcessThrowWindow
                                                              • String ID: %dx%d$ga_first_time$ga_unique_id
                                                              • API String ID: 1167066769-724932527
                                                              • Opcode ID: f9016feeb7d89b324cc9c435f95651c77fd9aaab68e8ad78641cdc6bb60379bf
                                                              • Instruction ID: dbbffe757c9fc40e95c94f9cc636f65907ff6af03a50f1b24a20f1e0e3327730
                                                              • Opcode Fuzzy Hash: f9016feeb7d89b324cc9c435f95651c77fd9aaab68e8ad78641cdc6bb60379bf
                                                              • Instruction Fuzzy Hash: 330290B0A00645DFDB04CFA8C844B9EBBF5EF55318F14859DE405ABB91DB39AD08CBA1
                                                              APIs
                                                              • new.LIBCMT ref: 00F974D0
                                                                • Part of subcall function 00F83A10: new.LIBCMT ref: 00F83A45
                                                              • new.LIBCMT ref: 00F9753B
                                                                • Part of subcall function 00FA078F: Concurrency::cancel_current_task.LIBCPMT ref: 00FA07A7
                                                                • Part of subcall function 00F818A0: new.LIBCMT ref: 00F8199B
                                                              • new.LIBCMT ref: 00F975E8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Concurrency::cancel_current_task
                                                              • String ID: #Hw/$app_id$app_token$detach_application
                                                              • API String ID: 118556049-3634006341
                                                              • Opcode ID: f3d61f74e7b249c2f7464a8d9b01b8ab0b8d006bef87979cf3cc9fede46ccc5c
                                                              • Instruction ID: 0796500023b7c827064a30070c2c0777fef50bd19c899bd7587df82e49334c3e
                                                              • Opcode Fuzzy Hash: f3d61f74e7b249c2f7464a8d9b01b8ab0b8d006bef87979cf3cc9fede46ccc5c
                                                              • Instruction Fuzzy Hash: 2671AE70D14708AFEB00EBA8CC45BEEBBB5AF05724F144158E405AB291DB79AE04DBA1
                                                              APIs
                                                              • new.LIBCMT ref: 00F97740
                                                                • Part of subcall function 00F83A10: new.LIBCMT ref: 00F83A45
                                                              • new.LIBCMT ref: 00F977AB
                                                                • Part of subcall function 00FA078F: Concurrency::cancel_current_task.LIBCPMT ref: 00FA07A7
                                                                • Part of subcall function 00F818A0: new.LIBCMT ref: 00F8199B
                                                              • new.LIBCMT ref: 00F97858
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Concurrency::cancel_current_task
                                                              • String ID: #Hw/$app_id$app_token$get_user
                                                              • API String ID: 118556049-1222291396
                                                              • Opcode ID: 496668d5ed1b2606d851687f130f8a3fc564710b41bd538378210c6b997902c6
                                                              • Instruction ID: a1035ebe47d42bff1268cf7178c3aba1a71d0000b1d144008a43a404f2b61ab8
                                                              • Opcode Fuzzy Hash: 496668d5ed1b2606d851687f130f8a3fc564710b41bd538378210c6b997902c6
                                                              • Instruction Fuzzy Hash: DF71AF70D14308AFEB00EBA8CC45BEEBBF5EF45720F144158E405A7281DB79AE44DBA1
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(6F86A5A4,00000000,00000002,?), ref: 6F836BC7
                                                              • GetClassInfoExW.USER32(00000000,00000000,?), ref: 6F836BFF
                                                              • GetClassInfoExW.USER32(00000000,00000030), ref: 6F836C12
                                                              • LeaveCriticalSection.KERNEL32(6F86A5A4), ref: 6F836C1D
                                                              • GetClassInfoExW.USER32(00000000,00000000,?), ref: 6F836CA8
                                                              • LeaveCriticalSection.KERNEL32(6F86A5A4), ref: 6F836CC7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ClassCriticalInfoSection$Leave$Enter
                                                              • String ID: ATL:%p
                                                              • API String ID: 1767261764-4171052921
                                                              • Opcode ID: d112e3a83833747ff7fb9a29ec087cf0043a39556093aafd7447ce2233ea4efd
                                                              • Instruction ID: 8902a4435f4aafaa9ba79a10553f93cc056130557399e116d6acd7d76ca8c6c1
                                                              • Opcode Fuzzy Hash: d112e3a83833747ff7fb9a29ec087cf0043a39556093aafd7447ce2233ea4efd
                                                              • Instruction Fuzzy Hash: 7351C376A002149BDF18DF98D880E9AB7B5FF46320F1048EAED189F265E731E851CBD1
                                                              APIs
                                                                • Part of subcall function 00F9A790: CreatePropertySheetPageW.COMCTL32(?,?,?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A81B
                                                                • Part of subcall function 00F9A790: SendMessageW.USER32(00000004,00000467,00000000,00000000), ref: 00F9A840
                                                                • Part of subcall function 00F9A790: DestroyPropertySheetPage.COMCTL32(00000000,?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A859
                                                                • Part of subcall function 00F9A790: CreatePropertySheetPageW.COMCTL32(?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A862
                                                                • Part of subcall function 00F9A790: SendMessageW.USER32(00000004,00000467,00000000,00000000), ref: 00F9A881
                                                                • Part of subcall function 00F9A790: DestroyPropertySheetPage.COMCTL32(00000000,?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A89A
                                                                • Part of subcall function 00F9A790: CreatePropertySheetPageW.COMCTL32(?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A8A3
                                                                • Part of subcall function 00F9A790: SendMessageW.USER32(00000004,00000467,00000000,00000000), ref: 00F9A8C2
                                                                • Part of subcall function 00F9A790: DestroyPropertySheetPage.COMCTL32(00000000,?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A8DB
                                                                • Part of subcall function 00F9A790: CreatePropertySheetPageW.COMCTL32(?,?,77E44823,?,?,?,?,?,00FB89ED,000000FF), ref: 00F9A8E4
                                                              • UnregisterHotKey.USER32(00000003,00000000,?,77E44823,?,?,?), ref: 00F9F259
                                                              • UnregisterHotKey.USER32(00000003,00000001,?,?), ref: 00F9F260
                                                              • UnregisterHotKey.USER32(00000003,00000002,?,?), ref: 00F9F267
                                                              • GetActiveWindow.USER32 ref: 00F9F270
                                                                • Part of subcall function 00F9F610: SetLastError.KERNEL32(0000000E,75C124A0,?,00F9F282,00000000,?,?), ref: 00F9F649
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: PagePropertySheet$Create$DestroyMessageSendUnregister$ActiveErrorLastWindow
                                                              • String ID: #Hw/$Options$[[screenshot_app.options]]
                                                              • API String ID: 2476853559-3835820895
                                                              • Opcode ID: 397c32ec6020bb514e7bc9272c945c5bd0454f183e056897ed7e631d5e613ac8
                                                              • Instruction ID: 3ec379c24b8dd8b18dca2c65529cb16b18b77784d60543e6902a1e4817f409e8
                                                              • Opcode Fuzzy Hash: 397c32ec6020bb514e7bc9272c945c5bd0454f183e056897ed7e631d5e613ac8
                                                              • Instruction Fuzzy Hash: 0951E630A00649AFEB01EB68CC45F9EBBA5FF45320F188269F415DB2A1DB789D04DBD1
                                                              APIs
                                                                • Part of subcall function 6CF268D0: SetLastError.KERNEL32(00000000), ref: 6CF26939
                                                                • Part of subcall function 6CF268D0: GetModuleFileNameW.KERNEL32(6CF20000,00000010,000007D0), ref: 6CF2696A
                                                                • Part of subcall function 6CF268D0: GetLastError.KERNEL32 ref: 6CF2697A
                                                                • Part of subcall function 6CF268D0: GetModuleFileNameW.KERNEL32(00000000,00000010,00002710), ref: 6CF269B9
                                                                • Part of subcall function 6CF268D0: GetLastError.KERNEL32 ref: 6CF269CA
                                                              • PathFileExistsW.SHLWAPI(?,000000FF,C3D2D3B7,?,?,?,?,?,?,?,?,?,?,?,6CF44828,000000FF), ref: 6CF26A8D
                                                              • GetFileVersionInfoSizeW.VERSION(000000FF,?), ref: 6CF26AA9
                                                              • GetFileVersionInfoW.VERSION(000000FF,00000000,00000000,00000000,00000000), ref: 6CF26AED
                                                              • VerQueryValueW.VERSION(00000000,\StringFileInfo\000004b0\ProductName,?,6CF44828), ref: 6CF26B2B
                                                              • VerQueryValueW.VERSION(00000000,\StringFileInfo\000004b0\ProductVersion,00000000,00000000), ref: 6CF26B3F
                                                                • Part of subcall function 6CF21460: GetProcessHeap.KERNEL32 ref: 6CF21493
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF214BE
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF2153C
                                                              Strings
                                                              • \StringFileInfo\000004b0\ProductVersion, xrefs: 6CF26B39
                                                              • \StringFileInfo\000004b0\ProductName, xrefs: 6CF26B10
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: File$ErrorLast$InfoInit_thread_footerModuleNameQueryValueVersion$ExistsHeapPathProcessSize
                                                              • String ID: \StringFileInfo\000004b0\ProductName$\StringFileInfo\000004b0\ProductVersion
                                                              • API String ID: 1290476977-2956573855
                                                              • Opcode ID: 2fc635461a97354b2254876d2b56822fe4be6b476c63938a168b4e8fc09cb96d
                                                              • Instruction ID: 60e9f198c856be06878ad970dfa299981f6f860d7ec865b289b974b2659fd627
                                                              • Opcode Fuzzy Hash: 2fc635461a97354b2254876d2b56822fe4be6b476c63938a168b4e8fc09cb96d
                                                              • Instruction Fuzzy Hash: 28513F71901149ABDB00DBE4CC54BDEBBB8EF49328F108259E814B7690D739AD09CBA0
                                                              APIs
                                                              • lstrcmpiW.KERNEL32(00000000,Delete,00000000), ref: 6F8467D0
                                                              • lstrcmpiW.KERNEL32(00000000,ForceRemove), ref: 6F8467E1
                                                              • CharNextW.USER32(00000000,?,?,?,00000000), ref: 6F846847
                                                              • lstrcmpiW.KERNEL32(00000000,6F8620C4,?,?,?,00000000), ref: 6F846869
                                                              • lstrcmpiW.KERNEL32(00000000,NoRemove,00000000), ref: 6F846915
                                                              • lstrcmpiW.KERNEL32(00000000,Val), ref: 6F846943
                                                              • RegCloseKey.ADVAPI32(00000000,00000000), ref: 6F846E9C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: lstrcmpi$CharCloseNext
                                                              • String ID: Delete$ForceRemove
                                                              • API String ID: 2333018020-3704084903
                                                              • Opcode ID: 6fd54a2687a30310abac3bc4f1bdc6fccd3419407a452a47a25e2544defaef32
                                                              • Instruction ID: d88c1bdc29991ee12d27c663d758c12f8a5848fbccc5bc9a97ecfd1e4b2b21b9
                                                              • Opcode Fuzzy Hash: 6fd54a2687a30310abac3bc4f1bdc6fccd3419407a452a47a25e2544defaef32
                                                              • Instruction Fuzzy Hash: 46418031A0062DABDF289F58C8987AAF7B4BF42714F1009DED9056F280DB799E44CB91
                                                              APIs
                                                              • lstrcmpiW.KERNEL32(00000000,Delete,00000000), ref: 6CF2CBC0
                                                              • lstrcmpiW.KERNEL32(00000000,ForceRemove), ref: 6CF2CBD1
                                                              • CharNextW.USER32(00000000,?,?,?,00000000), ref: 6CF2CC37
                                                              • lstrcmpiW.KERNEL32(00000000,6CF4CED4,?,?,?,00000000), ref: 6CF2CC59
                                                              • lstrcmpiW.KERNEL32(00000000,NoRemove,00000000), ref: 6CF2CD05
                                                              • lstrcmpiW.KERNEL32(00000000,Val), ref: 6CF2CD33
                                                              • RegCloseKey.ADVAPI32(00000000,00000000), ref: 6CF2D28C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: lstrcmpi$CharCloseNext
                                                              • String ID: Delete$ForceRemove
                                                              • API String ID: 2333018020-3704084903
                                                              • Opcode ID: 31faef79e2a32ea6ce383cd91d1ba5c980f8917add6efe8772eae1e340e6b16b
                                                              • Instruction ID: 637fb8aa38aea24b2af51aeaf3f7b832c066e9f584fe41780de0437baec5cf85
                                                              • Opcode Fuzzy Hash: 31faef79e2a32ea6ce383cd91d1ba5c980f8917add6efe8772eae1e340e6b16b
                                                              • Instruction Fuzzy Hash: 8541E471A0522597EF24AFD888587AAB6B4BF44708F10419DEC06A7B80DB7DCE44CFA0
                                                              APIs
                                                              • lstrcmpiW.KERNEL32(00000000,Delete,00000000), ref: 00F99790
                                                              • lstrcmpiW.KERNEL32(00000000,ForceRemove), ref: 00F997A1
                                                              • CharNextW.USER32(00000000,?,?,?,00000000), ref: 00F99807
                                                              • lstrcmpiW.KERNEL32(00000000,00FC1F04,?,?,?,00000000), ref: 00F99829
                                                              • lstrcmpiW.KERNEL32(00000000,NoRemove,00000000), ref: 00F998D5
                                                              • lstrcmpiW.KERNEL32(00000000,Val), ref: 00F99903
                                                              • RegCloseKey.ADVAPI32(00000000,00000000), ref: 00F99E5C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: lstrcmpi$CharCloseNext
                                                              • String ID: Delete$ForceRemove
                                                              • API String ID: 2333018020-3704084903
                                                              • Opcode ID: fb03f68497c6b3d8dbed640a30744bba11bb8239e712ebfb63ea5c7668b5fdb2
                                                              • Instruction ID: 45ef24c4f3243b267fc24136424ba204460b2e39df2506db4347fb8390ba3dcb
                                                              • Opcode Fuzzy Hash: fb03f68497c6b3d8dbed640a30744bba11bb8239e712ebfb63ea5c7668b5fdb2
                                                              • Instruction Fuzzy Hash: 3241D731D0822697EF34AF98CC947BEB2B0BF41754F05019DD90567290DBB98E84EFA1
                                                              APIs
                                                              • RegisterWindowMessageW.USER32(GetUserRequestDone,?,?,?,?,?,?,000000FF), ref: 00F9CA12
                                                              • RegisterWindowMessageW.USER32(?,?,?,AttachRequestDone,?,?,?,?,?,?,000000FF), ref: 00F9CA23
                                                              • RegisterWindowMessageW.USER32 ref: 00F9CA78
                                                              • RegisterWindowMessageW.USER32 ref: 00F9CABF
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MessageRegisterWindow$ErrorException@8HeapLastProcessThrow
                                                              • String ID: #Hw/$AttachRequestDone$GetUserRequestDone
                                                              • API String ID: 2724320918-744081139
                                                              • Opcode ID: dae736e25a2f1a716b579e714cbfe677d60e2e408d9ff8902b9851ff55f82535
                                                              • Instruction ID: 4d808ff95494bf07b0ff2f187dc3e3d885a4149fdbb8372efb7db7da68a73950
                                                              • Opcode Fuzzy Hash: dae736e25a2f1a716b579e714cbfe677d60e2e408d9ff8902b9851ff55f82535
                                                              • Instruction Fuzzy Hash: 3241AEB0500745DFDB50DF68C985B8ABBE4FF04314F14866DE8599B282DBB4A508DFA1
                                                              APIs
                                                              • ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,77E44823,?,?,?,00FB6E30,000000FF), ref: 00F9D702
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,77E44823,?,?,?,00FB6E30,000000FF), ref: 00F9D70B
                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,77E44823,?,?,?,00FB6E30,000000FF), ref: 00F9D719
                                                              • DestroyMenu.USER32(?,?,?,?,?,?,?,?,?,?,77E44823,?,?,?,00FB6E30,000000FF), ref: 00F9D792
                                                              • DestroyMenu.USER32(?,?,?,?,?,?,?,?,?,?,77E44823,?,?,?,00FB6E30,000000FF), ref: 00F9D7A7
                                                              • DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,77E44823,?,?,?,00FB6E30,000000FF), ref: 00F9D7BC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Destroy$Menu$CloseFreeHandleIconLibraryMutexRelease
                                                              • String ID: #Hw/
                                                              • API String ID: 552364501-1770964375
                                                              • Opcode ID: 827583f873501a343e5a12fabb7c62d37ba858e584e4d3a3a5f81a9e3212d8c4
                                                              • Instruction ID: 4815fb797f4f2913437a957a8fc413b1e46ee6160b15f885ee538be9c5d849c1
                                                              • Opcode Fuzzy Hash: 827583f873501a343e5a12fabb7c62d37ba858e584e4d3a3a5f81a9e3212d8c4
                                                              • Instruction Fuzzy Hash: C4318831600B069FEB60DF69CC84B1AB7E8EF44764F148A1DE846C7691DB79E804DFA1
                                                              APIs
                                                              • SetLastError.KERNEL32(00000000,6EB740BD,?,?,?,6F8595D5,000000FF,?,6F83714B,?), ref: 6F839ED6
                                                              • CreateMutexW.KERNEL32(00000000,00000001,COOL_SCREENSHOT_MUTEX_YARRR,?,?,?,6F8595D5,000000FF,?,6F83714B,?), ref: 6F839EE5
                                                              • GetLastError.KERNEL32(?,?,?,6F8595D5,000000FF,?,6F83714B,?), ref: 6F839EED
                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,6F8595D5,000000FF,?,6F83714B,?), ref: 6F839F78
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,6F8595D5,000000FF,?,6F83714B,?), ref: 6F839F7F
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004F), ref: 6F8410E4
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004D), ref: 6F8410EA
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004E), ref: 6F8410F1
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004C), ref: 6F8410F7
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004D), ref: 6F8410FE
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004C), ref: 6F841103
                                                                • Part of subcall function 6F841090: SetRect.USER32(00000000,00000000,?,00000000), ref: 6F84110A
                                                                • Part of subcall function 6F841090: GetObjectW.GDI32(6F86A4C8,00000018,00000000), ref: 6F841130
                                                                • Part of subcall function 6F841090: GetWindowDC.USER32(00000000,?,00000000), ref: 6F841175
                                                                • Part of subcall function 6F841090: CreateCompatibleDC.GDI32(00000000), ref: 6F841186
                                                                • Part of subcall function 6F841090: SelectObject.GDI32(00000000,6F86A4C8), ref: 6F841194
                                                                • Part of subcall function 6F83AE30: SelectObject.GDI32(?,?), ref: 6F83AE7A
                                                                • Part of subcall function 6F83AE30: DeleteObject.GDI32(?), ref: 6F83AEAE
                                                                • Part of subcall function 6F83AE30: SelectObject.GDI32(?), ref: 6F83AEC1
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004F), ref: 6F83AEED
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004D), ref: 6F83AEF3
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004E), ref: 6F83AEFA
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004C), ref: 6F83AF00
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004D), ref: 6F83AF07
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004C), ref: 6F83AF0C
                                                                • Part of subcall function 6F83AE30: SetRect.USER32(00000000,00000000,?,00000000), ref: 6F83AF13
                                                                • Part of subcall function 6F83AE30: GetObjectW.GDI32(?,00000018,?), ref: 6F83AF3D
                                                                • Part of subcall function 6F83E440: GetSystemMetrics.USER32(0000004F), ref: 6F83E4B4
                                                                • Part of subcall function 6F83E440: GetSystemMetrics.USER32(0000004D), ref: 6F83E4BA
                                                                • Part of subcall function 6F83E440: GetSystemMetrics.USER32(0000004E), ref: 6F83E4C1
                                                                • Part of subcall function 6F83E440: GetSystemMetrics.USER32(0000004C), ref: 6F83E4C7
                                                                • Part of subcall function 6F83E440: GetSystemMetrics.USER32(0000004D), ref: 6F83E4CE
                                                                • Part of subcall function 6F83E440: GetSystemMetrics.USER32(0000004C), ref: 6F83E4D3
                                                                • Part of subcall function 6F83E440: SetRect.USER32(00000000,00000000,?,00000000), ref: 6F83E4E1
                                                                • Part of subcall function 6F83E440: SetRect.USER32(00000000,00000000,00000000,00000000,00000000), ref: 6F83E4FE
                                                              Strings
                                                              • COOL_SCREENSHOT_MUTEX_YARRR, xrefs: 6F839EDC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$Object$Rect$Select$CreateErrorLastMutex$CloseCompatibleDeleteHandleReleaseWindow
                                                              • String ID: COOL_SCREENSHOT_MUTEX_YARRR
                                                              • API String ID: 1031793575-4002691488
                                                              • Opcode ID: aad0e49bcc7b914b71af5d243fcda05f386a6eff75ddf89189a6f6b4296817f4
                                                              • Instruction ID: a2100087acc60af9ee317dd22ebb9047d1aba9fefacc73ce38219719013b1514
                                                              • Opcode Fuzzy Hash: aad0e49bcc7b914b71af5d243fcda05f386a6eff75ddf89189a6f6b4296817f4
                                                              • Instruction Fuzzy Hash: 79218432944B24ABCF449BA4CD48B697769EB06325F0009D5F41A9B6E4CF389820CBE1
                                                              APIs
                                                              • SetLastError.KERNEL32(00000000,6EB740BD,?,?,?,6F8595D5,000000FF), ref: 6F8370A6
                                                              • CreateMutexW.KERNEL32(00000000,00000001,COOL_SCREENSHOT_MUTEX_YARRR,?,?,?,6F8595D5,000000FF), ref: 6F8370B5
                                                              • GetLastError.KERNEL32(?,?,?,6F8595D5,000000FF), ref: 6F8370BD
                                                              • GetActiveWindow.USER32 ref: 6F837103
                                                                • Part of subcall function 6F839FA0: SetLastError.KERNEL32(0000000E,00000000,?,6F837115,00000000,?,00000000,?,?,?,?,6F8595D5,000000FF), ref: 6F839FBA
                                                                • Part of subcall function 6F83B180: SetRectEmpty.USER32(011CB0B4), ref: 6F83B25B
                                                                • Part of subcall function 6F83B180: SetRectEmpty.USER32(011CB010), ref: 6F83B25E
                                                                • Part of subcall function 6F83B180: SelectObject.GDI32(?,?), ref: 6F83B280
                                                                • Part of subcall function 6F83B180: SelectObject.GDI32(?,?), ref: 6F83B28E
                                                                • Part of subcall function 6F83B180: DeleteObject.GDI32(?), ref: 6F83B296
                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,6F8595D5,000000FF), ref: 6F837121
                                                              • CloseHandle.KERNEL32(00000000,?,?,?,6F8595D5,000000FF), ref: 6F837128
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004F), ref: 6F8410E4
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004D), ref: 6F8410EA
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004E), ref: 6F8410F1
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004C), ref: 6F8410F7
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004D), ref: 6F8410FE
                                                                • Part of subcall function 6F841090: GetSystemMetrics.USER32(0000004C), ref: 6F841103
                                                                • Part of subcall function 6F841090: SetRect.USER32(00000000,00000000,?,00000000), ref: 6F84110A
                                                                • Part of subcall function 6F841090: GetObjectW.GDI32(6F86A4C8,00000018,00000000), ref: 6F841130
                                                                • Part of subcall function 6F841090: GetWindowDC.USER32(00000000,?,00000000), ref: 6F841175
                                                                • Part of subcall function 6F841090: CreateCompatibleDC.GDI32(00000000), ref: 6F841186
                                                                • Part of subcall function 6F841090: SelectObject.GDI32(00000000,6F86A4C8), ref: 6F841194
                                                                • Part of subcall function 6F83AE30: SelectObject.GDI32(?,?), ref: 6F83AE7A
                                                                • Part of subcall function 6F83AE30: DeleteObject.GDI32(?), ref: 6F83AEAE
                                                                • Part of subcall function 6F83AE30: SelectObject.GDI32(?), ref: 6F83AEC1
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004F), ref: 6F83AEED
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004D), ref: 6F83AEF3
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004E), ref: 6F83AEFA
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004C), ref: 6F83AF00
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004D), ref: 6F83AF07
                                                                • Part of subcall function 6F83AE30: GetSystemMetrics.USER32(0000004C), ref: 6F83AF0C
                                                                • Part of subcall function 6F83AE30: SetRect.USER32(00000000,00000000,?,00000000), ref: 6F83AF13
                                                                • Part of subcall function 6F83AE30: GetObjectW.GDI32(?,00000018,?), ref: 6F83AF3D
                                                              Strings
                                                              • COOL_SCREENSHOT_MUTEX_YARRR, xrefs: 6F8370AC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$Object$Select$Rect$ErrorLast$CreateDeleteEmptyMutexWindow$ActiveCloseCompatibleHandleRelease
                                                              • String ID: COOL_SCREENSHOT_MUTEX_YARRR
                                                              • API String ID: 1299291021-4002691488
                                                              • Opcode ID: f25f7041252ee6120df47d8a939c170a7aec793d608a7535b572b2ff9b43b8ca
                                                              • Instruction ID: 44cf5ac15cc7f253e7505a7ac226b4b0a0fa3bcb246a553478e49d5423d52573
                                                              • Opcode Fuzzy Hash: f25f7041252ee6120df47d8a939c170a7aec793d608a7535b572b2ff9b43b8ca
                                                              • Instruction Fuzzy Hash: 77117372944B18EBCF449BA4CD4CB6E7768EB0A735F000AD5F41A9B6D0DB385920CBE1
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,6CF36EFE,6CF36EFE,?,?,?,6CF3D810,00000001,00000001,82E85006), ref: 6CF3D619
                                                              • __alloca_probe_16.LIBCMT ref: 6CF3D651
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6CF3D810,00000001,00000001,82E85006,?,?,?), ref: 6CF3D69F
                                                              • __alloca_probe_16.LIBCMT ref: 6CF3D736
                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,82E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6CF3D799
                                                              • __freea.LIBCMT ref: 6CF3D7A6
                                                                • Part of subcall function 6CF3997F: HeapAlloc.KERNEL32(00000000,?,00000004,?,6CF3BC6A,?,00000000,?,6CF38308,?,00000004,00000001,?,?,?,6CF39546), ref: 6CF399B1
                                                              • __freea.LIBCMT ref: 6CF3D7AF
                                                              • __freea.LIBCMT ref: 6CF3D7D4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                              • String ID:
                                                              • API String ID: 2597970681-0
                                                              • Opcode ID: 466cb049c70d5e4a330038ad58e1301eb158ae6320272731ac1351823aca504b
                                                              • Instruction ID: c00f0db79c9fe54bf6b2ec3440a08b87be2ea52dd2c694699445750fd92b09f0
                                                              • Opcode Fuzzy Hash: 466cb049c70d5e4a330038ad58e1301eb158ae6320272731ac1351823aca504b
                                                              • Instruction Fuzzy Hash: 4651C372B21226BBEB159E64CC44EAB77B9EF40658F115229FC1CD7A40EB34DC4487E0
                                                              APIs
                                                              • GetWindowRect.USER32 ref: 6F8363D1
                                                              • IsWindow.USER32(?), ref: 6F836430
                                                              • IsWindow.USER32(?), ref: 6F83643C
                                                              • ShowWindow.USER32(?,00000000,?,?,?,00000000,?,?,?,?,?,?,?), ref: 6F836450
                                                              • ShowWindow.USER32(?,00000000,?,?,?,00000000,?,?,?,?,?,?,?), ref: 6F83645A
                                                              • ShowWindow.USER32(?,00000000,?,?,?,00000000,?,?,?,?,?,?,?), ref: 6F836464
                                                              • SetCapture.USER32(?,?,?,?,00000000,?,?,?,?,?,?,?), ref: 6F836469
                                                              • ClientToScreen.USER32(?,?), ref: 6F836488
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Show$CaptureClientRectScreen
                                                              • String ID:
                                                              • API String ID: 3430665317-0
                                                              • Opcode ID: 9e80fada5c5eedde73e7d270935eb15abd86e520d461e9b21b58691762fa1192
                                                              • Instruction ID: 2a46285b1e40aa613417b459ee535309f5a49ef0d0b608b6f818f78ad294de63
                                                              • Opcode Fuzzy Hash: 9e80fada5c5eedde73e7d270935eb15abd86e520d461e9b21b58691762fa1192
                                                              • Instruction Fuzzy Hash: 77315071A04616AFDB10DF68C984B9ABBE0FB45320F10456AED588B650CB70E824CFD1
                                                              APIs
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F83E5C4
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83E5CA
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83E5D1
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83E5D7
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83E5DE
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83E5E3
                                                              • SetRect.USER32(00000000,00000000,?,00000000), ref: 6F83E5F1
                                                              • SetRect.USER32(00000000,00000000,00000000,00000000,00000000), ref: 6F83E60E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$Rect
                                                              • String ID:
                                                              • API String ID: 2880178870-0
                                                              • Opcode ID: 654a0dd60043a93e46fad2918db87496cbff3d057033944299f2fe6ee7ef315b
                                                              • Instruction ID: f42639a0e4a3fd2e644ec17a0ecccba07fec70b8945aad0794ce31012cf91539
                                                              • Opcode Fuzzy Hash: 654a0dd60043a93e46fad2918db87496cbff3d057033944299f2fe6ee7ef315b
                                                              • Instruction Fuzzy Hash: 373108B16043049FD740DF68C885B5ABBE4BF89714F0549A9F98CDF285D774E904CBA2
                                                              APIs
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F83E4B4
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83E4BA
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F83E4C1
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83E4C7
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F83E4CE
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F83E4D3
                                                              • SetRect.USER32(00000000,00000000,?,00000000), ref: 6F83E4E1
                                                              • SetRect.USER32(00000000,00000000,00000000,00000000,00000000), ref: 6F83E4FE
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$Rect
                                                              • String ID:
                                                              • API String ID: 2880178870-0
                                                              • Opcode ID: 590384142c5334c0fde1cdd8a6c54cb824a0758061c2e3719ba8384b0e7528c8
                                                              • Instruction ID: e5fa23a7eaac7e2b164d15e4671fed7facc17dbf3c912024ab1de2025bf6031a
                                                              • Opcode Fuzzy Hash: 590384142c5334c0fde1cdd8a6c54cb824a0758061c2e3719ba8384b0e7528c8
                                                              • Instruction Fuzzy Hash: AE3108B16043049FD740DF68C885B5ABBE4BF89714F0549A9E98CDF285D774E804CBA2
                                                              APIs
                                                              • WaitForSingleObject.KERNEL32(?,00000000,C3D2D3B7,?,?,?,?,6CF43EE0,000000FF,?,6CF22B7B), ref: 6CF22BDD
                                                              • TerminateThread.KERNEL32(?,00000000,?,?,?,?,6CF43EE0,000000FF,?,6CF22B7B), ref: 6CF22BEF
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,6CF43EE0,000000FF,?,6CF22B7B), ref: 6CF22BF8
                                                              • CloseHandle.KERNEL32(?,C3D2D3B7,?,?,?,?,6CF43EE0,000000FF,?,6CF22B7B), ref: 6CF22C04
                                                              • DeleteCriticalSection.KERNEL32(?,?,?,?,?,6CF43EE0,000000FF,?,6CF22B7B), ref: 6CF22C0A
                                                              • WaitForSingleObject.KERNEL32(?,00000000,?,?,?,?,6CF43EE0,000000FF,?,6CF22B7B), ref: 6CF22C5D
                                                              • TerminateThread.KERNEL32(?,00000000,?,?,?,?,6CF43EE0,000000FF,?,6CF22B7B), ref: 6CF22C6F
                                                              • CloseHandle.KERNEL32(?,?,?,?,?,6CF43EE0,000000FF,?,6CF22B7B), ref: 6CF22C78
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CloseHandle$ObjectSingleTerminateThreadWait$CriticalDeleteSection
                                                              • String ID:
                                                              • API String ID: 2158937055-0
                                                              • Opcode ID: 403b80eab951d94252c4e8f2a24d824b856e4ba388d42a4b80e29ead45fe4991
                                                              • Instruction ID: 6ee5f68283343a69adedab10596e38d11c0e2819c905f8ba47a9aefb4f4e442e
                                                              • Opcode Fuzzy Hash: 403b80eab951d94252c4e8f2a24d824b856e4ba388d42a4b80e29ead45fe4991
                                                              • Instruction Fuzzy Hash: 82316D31610A059FE7109F69CD89B06FBF9FF45B24F108A29F556C7AA1DB75E804CB40
                                                              APIs
                                                              • GetWindowRect.USER32(?,?), ref: 6F836231
                                                              • ScreenToClient.USER32(?,00000000), ref: 6F836241
                                                              • ScreenToClient.USER32(?,00000000), ref: 6F836252
                                                              • BitBlt.GDI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00CC0020), ref: 6F836286
                                                              • SelectObject.GDI32(?,?), ref: 6F836298
                                                              • GetStockObject.GDI32(00000005), ref: 6F83629C
                                                              • SelectObject.GDI32(?,00000000), ref: 6F8362A6
                                                              • Rectangle.GDI32(?,00000000,00000000,00000000,00000000), ref: 6F8362BD
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Object$ClientScreenSelect$RectRectangleStockWindow
                                                              • String ID:
                                                              • API String ID: 670253906-0
                                                              • Opcode ID: b87d224bc24e6b50a52924d58a18197beebc044419f9579ce299976539582aa3
                                                              • Instruction ID: 50aa06bbf89955fed01abb87ac6d402c18c9a318c9fd89d7508df63a88281d0b
                                                              • Opcode Fuzzy Hash: b87d224bc24e6b50a52924d58a18197beebc044419f9579ce299976539582aa3
                                                              • Instruction Fuzzy Hash: BC31F971900619AFDF00DFA8CD49FBEBBB9FB09310F104159F914A6250C775A965CB90
                                                              APIs
                                                              • GetProcessHeap.KERNEL32(00000000,0000000D,00000000,00000000,6F847FB9,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847E52
                                                              • HeapAlloc.KERNEL32(00000000,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847E59
                                                                • Part of subcall function 6F847F08: IsProcessorFeaturePresent.KERNEL32(0000000C,6F847E41,00000000,00000000,6F847FB9,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F0A
                                                              • InterlockedPopEntrySList.KERNEL32(00000000,00000000,00000000,6F847FB9,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847E66
                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847E7A
                                                              • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847E8E
                                                              • InterlockedPopEntrySList.KERNEL32(00000000,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847EA1
                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847EB4
                                                              • InterlockedPushEntrySList.KERNEL32(00000000,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847ECB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: EntryInterlockedList$AllocHeapVirtual$ExceptionFeatureFreePresentProcessProcessorPushRaise
                                                              • String ID:
                                                              • API String ID: 1970769232-0
                                                              • Opcode ID: cb754a854999794cdcaf0b5af2cb15f9a85b8e3710c3b7e524f6a2fff4566d2d
                                                              • Instruction ID: 1b7bf077d4fac29194a3dbf670f6069f748d4327d4bd38fe3acc613b37c05349
                                                              • Opcode Fuzzy Hash: cb754a854999794cdcaf0b5af2cb15f9a85b8e3710c3b7e524f6a2fff4566d2d
                                                              • Instruction Fuzzy Hash: 08117371240A1DABEF5157748C48E6F266CFB56BA5B0109E1F911DA180FA28DC24C7A0
                                                              APIs
                                                              • GetProcessHeap.KERNEL32(00000000,0000000D,00000000,00000000,6CF327AE,?,?,?,?,?,?,6CF28B92), ref: 6CF32647
                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,6CF28B92), ref: 6CF3264E
                                                                • Part of subcall function 6CF326FD: IsProcessorFeaturePresent.KERNEL32(0000000C,6CF32636,00000000,00000000,6CF327AE,?,?,?,?,?,?,6CF28B92), ref: 6CF326FF
                                                              • InterlockedPopEntrySList.KERNEL32(00000000,00000000,00000000,6CF327AE,?,?,?,?,?,?,6CF28B92), ref: 6CF3265B
                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,?,?,?,6CF28B92), ref: 6CF3266F
                                                              • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,?,?,?,?,6CF28B92), ref: 6CF32683
                                                              • InterlockedPopEntrySList.KERNEL32(00000000,?,?,?,?,?,6CF28B92), ref: 6CF32696
                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,6CF28B92), ref: 6CF326A9
                                                              • InterlockedPushEntrySList.KERNEL32(00000000,?,?,?,?,?,6CF28B92), ref: 6CF326C0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: EntryInterlockedList$AllocHeapVirtual$ExceptionFeatureFreePresentProcessProcessorPushRaise
                                                              • String ID:
                                                              • API String ID: 1970769232-0
                                                              • Opcode ID: 931b42aecef4731bb0e5586a48b0fadabda9f69cd9844bacaecaf9b09d8c0fca
                                                              • Instruction ID: 27546858397abcac27f010e32fab85d14e1ced5f558f0536df164f7714451b67
                                                              • Opcode Fuzzy Hash: 931b42aecef4731bb0e5586a48b0fadabda9f69cd9844bacaecaf9b09d8c0fca
                                                              • Instruction Fuzzy Hash: 05118671B25A21BBEF502B698C4CF5B367CEF567CDB115420FA0AD2503DA62DC0486F4
                                                              APIs
                                                              • GetProcessHeap.KERNEL32(00000000,0000000D,00000000,00000000,00FA175E,?,?,?,?,?,?,?,?,?,?), ref: 00FA15F7
                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA15FE
                                                                • Part of subcall function 00FA16AD: IsProcessorFeaturePresent.KERNEL32(0000000C,00FA15E6,00000000,00000000,00FA175E,?,?,?,?,?,?,?,?,?,?), ref: 00FA16AF
                                                              • InterlockedPopEntrySList.KERNEL32(00000000,00000000,00000000,00FA175E,?,?,?,?,?,?,?,?,?,?,?,00F9054E), ref: 00FA160B
                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA161F
                                                              • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA1633
                                                              • InterlockedPopEntrySList.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA1646
                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA1659
                                                              • InterlockedPushEntrySList.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA1670
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: EntryInterlockedList$AllocHeapVirtual$ExceptionFeatureFreePresentProcessProcessorPushRaise
                                                              • String ID:
                                                              • API String ID: 1970769232-0
                                                              APIs
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F840429
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F84042F
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F840436
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F84043C
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F840443
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F840448
                                                              • SetRect.USER32(00000000,00000000,?,?), ref: 6F84044F
                                                              • EqualRect.USER32(?,00000000), ref: 6F840460
                                                                • Part of subcall function 6F83C520: IsWindow.USER32(?), ref: 6F83C53B
                                                                • Part of subcall function 6F83C520: IsWindow.USER32(?), ref: 6F83C547
                                                                • Part of subcall function 6F83C520: ShowWindow.USER32(?,00000000,?,6F842472,?,?,?,?,00000001,?,?,6F841C2F,?,8007000E,?,?), ref: 6F83C55B
                                                                • Part of subcall function 6F83C520: ShowWindow.USER32(?,00000000,?,6F842472,?,?,?,?,00000001,?,?,6F841C2F,?,8007000E,?,?), ref: 6F83C565
                                                                • Part of subcall function 6F83C520: ShowWindow.USER32(?,00000000,?,6F842472,?,?,?,?,00000001,?,?,6F841C2F,?,8007000E,?,?), ref: 6F83C56F
                                                                • Part of subcall function 6F83C520: EndDialog.USER32(00000002,00000000), ref: 6F83C576
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$Window$Show$Rect$DialogEqual
                                                              • String ID:
                                                              • API String ID: 1388789684-0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Init_thread_footerlstrcmpi
                                                              • String ID:
                                                              • API String ID: 2025936031-0
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #Hw$#Hw/
                                                              • API String ID: 0-391555086
                                                              APIs
                                                              • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,6F81AEC2,?,00000000,?,00000000,00000000), ref: 6F81A78F
                                                              • __fassign.LIBCMT ref: 6F81A80A
                                                              • __fassign.LIBCMT ref: 6F81A825
                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 6F81A84B
                                                              • WriteFile.KERNEL32(?,?,00000000,6F81AEC2,00000000,?,?,?,?,?,?,?,?,?,6F81AEC2,?), ref: 6F81A86A
                                                              • WriteFile.KERNEL32(?,?,00000001,6F81AEC2,00000000,?,?,?,?,?,?,?,?,?,6F81AEC2,?), ref: 6F81A8A3
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                              • String ID:
                                                              • API String ID: 1324828854-0
                                                              APIs
                                                              • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,6F855AA2,?,00000000,?,00000000,00000000), ref: 6F85536F
                                                              • __fassign.LIBCMT ref: 6F8553EA
                                                              • __fassign.LIBCMT ref: 6F855405
                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 6F85542B
                                                              • WriteFile.KERNEL32(?,?,00000000,6F855AA2,00000000,?,?,?,?,?,?,?,?,?,6F855AA2,?), ref: 6F85544A
                                                              • WriteFile.KERNEL32(?,?,00000001,6F855AA2,00000000,?,?,?,?,?,?,?,?,?,6F855AA2,?), ref: 6F855483
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                              • String ID:
                                                              • API String ID: 1324828854-0
                                                              APIs
                                                              • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,6CF41012,?,00000000,?,00000000,00000000), ref: 6CF408DF
                                                              • __fassign.LIBCMT ref: 6CF4095A
                                                              • __fassign.LIBCMT ref: 6CF40975
                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 6CF4099B
                                                              • WriteFile.KERNEL32(?,?,00000000,6CF41012,00000000,?,?,?,?,?,?,?,?,?,6CF41012,?), ref: 6CF409BA
                                                              • WriteFile.KERNEL32(?,?,00000001,6CF41012,00000000,?,?,?,?,?,?,?,?,?,6CF41012,?), ref: 6CF409F3
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                              • String ID:
                                                              • API String ID: 1324828854-0
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000060,6EB740BD), ref: 6F845770
                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 6F845782
                                                              • FindResourceW.KERNEL32(00000000,?,?), ref: 6F8457A9
                                                              • LoadResource.KERNEL32(00000000,00000000), ref: 6F8457C1
                                                                • Part of subcall function 6F831F80: GetLastError.KERNEL32(6F84585D), ref: 6F831F80
                                                              • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 6F845886
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: LibraryLoad$Resource$ErrorFindFreeLast
                                                              • String ID:
                                                              • API String ID: 328770362-0
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000060,C3D2D3B7), ref: 6CF2BB40
                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 6CF2BB52
                                                              • FindResourceW.KERNEL32(00000000,?,?), ref: 6CF2BB79
                                                              • LoadResource.KERNEL32(00000000,00000000), ref: 6CF2BB91
                                                                • Part of subcall function 6CF21A30: GetLastError.KERNEL32(6CF27031), ref: 6CF21A30
                                                              • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 6CF2BC56
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: LibraryLoad$Resource$ErrorFindFreeLast
                                                              • String ID:
                                                              • API String ID: 328770362-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Global$DeleteFreeObjectUnlock$Select
                                                              • String ID:
                                                              • API String ID: 160990976-0
                                                              APIs
                                                                • Part of subcall function 6CF28C90: SetLastError.KERNEL32(0000000E,?,6CF28B92), ref: 6CF28CA7
                                                              • ShowWindow.USER32(?,00000005), ref: 6CF28B9A
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 6CF28BAA
                                                              • IsDialogMessageW.USER32(?,?), ref: 6CF28BD0
                                                              • TranslateMessage.USER32(?), ref: 6CF28BDA
                                                              • DispatchMessageW.USER32(?), ref: 6CF28BE0
                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 6CF28BEC
                                                              • DestroyWindow.USER32(?), ref: 6CF28BFC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Message$Window$DestroyDialogDispatchErrorLastShowTranslate
                                                              • String ID:
                                                              • API String ID: 715871365-0
                                                              APIs
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                              • SetLastError.KERNEL32(00000000), ref: 00F8D619
                                                              • GetModuleFileNameW.KERNEL32(00F80000,00000010,000007D0), ref: 00F8D64A
                                                              • GetLastError.KERNEL32 ref: 00F8D65A
                                                              • GetModuleFileNameW.KERNEL32(?,00000010,00002710), ref: 00F8D699
                                                              • GetLastError.KERNEL32 ref: 00F8D6AA
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$FileModuleName$Exception@8HeapProcessThrow
                                                              • String ID: #Hw/
                                                              • API String ID: 1403994084-1770964375
                                                              APIs
                                                              • GetWindowDC.USER32(00000000,6EB740BD,?), ref: 6F836A0D
                                                              • SendMessageW.USER32(00000000,000000B2,00000000,?), ref: 6F836A8D
                                                              • CreateCompatibleDC.GDI32(00000000), ref: 6F836A94
                                                              • SelectObject.GDI32(00000000,?), ref: 6F836AA3
                                                              • DrawTextW.USER32(00000000,?,00000064,?,00000400), ref: 6F836AB7
                                                              • DeleteDC.GDI32(00000000), ref: 6F836AC2
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F836ACB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CompatibleCreateDeleteDrawMessageObjectReleaseSelectSendTextWindow
                                                              • String ID:
                                                              • API String ID: 711753471-0
                                                              APIs
                                                              • SetLastError.KERNEL32(0000000E,?,6CF28B92), ref: 6CF28CA7
                                                              • GetCurrentThreadId.KERNEL32 ref: 6CF28CCD
                                                              • EnterCriticalSection.KERNEL32(6CF538E0,?,?,6CF28B92), ref: 6CF28CDB
                                                              • LeaveCriticalSection.KERNEL32(6CF538E0,?,?,6CF28B92), ref: 6CF28CF4
                                                              • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000,?,00000000,00000000,?,?,6CF28B92), ref: 6CF28D21
                                                              • CreateDialogParamW.USER32(00000065,00000000,6CF28D30,00000000), ref: 6CF28D0B
                                                                • Part of subcall function 6CF32767: GetProcessHeap.KERNEL32(00000008,00000008,00000000,6CF28D60,?,?,?,?,?,6CF28B92), ref: 6CF3276C
                                                                • Part of subcall function 6CF32767: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,6CF28B92), ref: 6CF32773
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalHeapSection$AllocCreateCurrentDialogEnterErrorExceptionLastLeaveParamProcessRaiseThread
                                                              • String ID:
                                                              • API String ID: 1481726069-0
                                                              APIs
                                                              • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000002,80000000,80000000,00000000,00000000,?,00000000,00000000,6EB740BD), ref: 6F835591
                                                              • SetRectEmpty.USER32(?), ref: 6F835617
                                                              • SendMessageW.USER32(?,00000432,00000000,00000000), ref: 6F835629
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateEmptyMessageRectSendWindow
                                                              • String ID: Select area$[[screenshot_plugin.tooltip]]$tooltips_class32
                                                              • API String ID: 2360863529-3421114086
                                                              APIs
                                                              • SetRectEmpty.USER32(011CB0B4), ref: 6F83B25B
                                                              • SetRectEmpty.USER32(011CB010), ref: 6F83B25E
                                                              • SelectObject.GDI32(?,?), ref: 6F83B280
                                                              • SelectObject.GDI32(?,?), ref: 6F83B28E
                                                              • DeleteObject.GDI32(?), ref: 6F83B296
                                                                • Part of subcall function 6F847AC0: IsWindow.USER32(?), ref: 6F847ADE
                                                                • Part of subcall function 6F847AC0: GetWindowRect.USER32(?), ref: 6F847B26
                                                                • Part of subcall function 6F847AC0: ScreenToClient.USER32(00000002,00000000), ref: 6F847B37
                                                                • Part of subcall function 6F847AC0: ScreenToClient.USER32(00000002,?), ref: 6F847B49
                                                                • Part of subcall function 6F847AC0: SendMessageW.USER32(?,000000B2,00000000,?), ref: 6F847B6E
                                                                • Part of subcall function 6F847AC0: OffsetRect.USER32(?,00000000,00000000), ref: 6F847B7B
                                                                • Part of subcall function 6F847AC0: ShowWindow.USER32(?,00000000,?,?,?), ref: 6F847B89
                                                                • Part of subcall function 6F847AC0: DestroyWindow.USER32(?,?,?,?), ref: 6F847B95
                                                                • Part of subcall function 6F847AC0: SetFocus.USER32(00000000,?,?,?), ref: 6F847BAB
                                                                • Part of subcall function 6F847AC0: CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000004,00000000,Calibri), ref: 6F847BD7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: RectWindow$Object$ClientEmptyScreenSelect$CreateDeleteDestroyFocusFontMessageOffsetSendShow
                                                              • String ID: KeepSelection
                                                              • API String ID: 482794277-3226883754
                                                              APIs
                                                              • SetLastError.KERNEL32(0000000E,75C124A0,?,00F9F282,00000000,?,?), ref: 00F9F649
                                                              • GetCurrentThreadId.KERNEL32 ref: 00F9F66D
                                                              • EnterCriticalSection.KERNEL32(00FCC684,?,75C124A0,?,00F9F282,00000000,?,?), ref: 00F9F67B
                                                              • LeaveCriticalSection.KERNEL32(00FCC684,?,75C124A0,?,00F9F282,00000000,?,?), ref: 00F9F694
                                                              • PropertySheetW.COMCTL32(00000024,?,75C124A0,?,00F9F282,00000000,?,?), ref: 00F9F69E
                                                              • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000,?,00000000,00000000,?,75C124A0,?,00F9F282,00000000,?,?), ref: 00F9F6EC
                                                              • DestroyIcon.USER32(00000000,?,75C124A0,?,00F9F282,00000000,?,?), ref: 00F9F707
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$CurrentDestroyEnterErrorExceptionIconLastLeavePropertyRaiseSheetThread
                                                              • String ID:
                                                              • API String ID: 3600102844-0
                                                              APIs
                                                              • PtInRect.USER32(?), ref: 00F9194C
                                                              • SetCursor.USER32(?), ref: 00F91959
                                                              • InvalidateRect.USER32(?,?,00000001), ref: 00F9197E
                                                              • UpdateWindow.USER32(?), ref: 00F91987
                                                              • TrackMouseEvent.USER32(00000010), ref: 00F919AA
                                                              • InvalidateRect.USER32(?,?,00000001), ref: 00F919D8
                                                              • UpdateWindow.USER32(?), ref: 00F919E1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Rect$InvalidateUpdateWindow$CursorEventMouseTrack
                                                              • String ID:
                                                              • API String ID: 1598129390-0
                                                              APIs
                                                              • SetLastError.KERNEL32(0000000E,00000002,?,6F8614B0,?,6F83D190,00000000,?,6F85FC68,00000000,0008000E,PNG,00000002), ref: 6F83E858
                                                              • GetCurrentThreadId.KERNEL32 ref: 6F83E87D
                                                              • EnterCriticalSection.KERNEL32(6F86A5A4,?,6F83D190,00000000,?,6F85FC68,00000000,0008000E,PNG,00000002), ref: 6F83E88B
                                                              • LeaveCriticalSection.KERNEL32(6F86A5A4,?,6F83D190,00000000,?,6F85FC68,00000000,0008000E,PNG,00000002), ref: 6F83E8A4
                                                              • GetOpenFileNameW.COMDLG32(6F8614D0,?,6F83D190,00000000,?,6F85FC68,00000000,0008000E,PNG,00000002), ref: 6F83E8B4
                                                              • GetSaveFileNameW.COMDLG32(6F8614D0,?,6F83D190,00000000,?,6F85FC68,00000000,0008000E,PNG,00000002), ref: 6F83E8CF
                                                              • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000,6F83E770,00000000,00000000,00000002,?,6F8614B0,?,6F83D190,00000000,?,6F85FC68,00000000), ref: 6F83E8F5
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalFileNameSection$CurrentEnterErrorExceptionLastLeaveOpenRaiseSaveThread
                                                              • String ID:
                                                              • API String ID: 739324661-0
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,?,?,6F834342,80000001,00000000), ref: 6F833E34
                                                              • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6F833E4B
                                                              • RegOpenKeyExW.ADVAPI32(00000000,80000001,00000000,6F834342,00000000,00000000,00000000,?,?,?,6F834342,80000001,00000000), ref: 6F833E84
                                                              • RegCloseKey.ADVAPI32(00000000,?,6F834342,80000001,00000000), ref: 6F833E97
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressCloseHandleModuleOpenProc
                                                              • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                              • API String ID: 823179699-3913318428
                                                              • Opcode ID: 1fcb5f7167955705ba1c9ed0d9e2085d096c19e7b2b7fddb4ca22f2efedeea47
                                                              • Instruction ID: 6fb0ed0dd3cd9a531fedaf153946f0499c9571916619ee6d07ee5070cb741014
                                                              • Opcode Fuzzy Hash: 1fcb5f7167955705ba1c9ed0d9e2085d096c19e7b2b7fddb4ca22f2efedeea47
                                                              • Instruction Fuzzy Hash: 1C11BE32A00219EBEF148FA9CC45F9A77A8EF45710F1088A9F914DE2A0D775ED50DBA0
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,00000001,?,?,6CF258F0,80000001,00000000), ref: 6CF25714
                                                              • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6CF2572B
                                                              • RegOpenKeyExW.ADVAPI32(00000000,80000001,00000000,6CF258F0,00000000,?,?,00000001,?,?,6CF258F0,80000001,00000000), ref: 6CF25764
                                                              • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,6CF258F0,80000001,00000000), ref: 6CF25777
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressCloseHandleModuleOpenProc
                                                              • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                              • API String ID: 823179699-3913318428
                                                              • Opcode ID: 6aa6dbaff6c665efec47626deaa82cf8d5d9e501960b13fa9fd8ed5af6e045fd
                                                              • Instruction ID: 79d3043976e034d03ab02c0be0b2608d5ada0fbdcb03865e96a084d18f7bb2c4
                                                              • Opcode Fuzzy Hash: 6aa6dbaff6c665efec47626deaa82cf8d5d9e501960b13fa9fd8ed5af6e045fd
                                                              • Instruction Fuzzy Hash: 1D11BB71744209EBEF20CF99CC48F4A7BB9EB45305F148429F988DA644E779D940DB20
                                                              APIs
                                                                • Part of subcall function 6F8198DA: _free.LIBCMT ref: 6F819903
                                                              • _free.LIBCMT ref: 6F819964
                                                                • Part of subcall function 6F8169EA: HeapFree.KERNEL32(00000000,00000000,?,6F819908,00000000,00000000,00000000,00000000,?,6F81992F,00000000,00000007,00000000,?,6F819335,00000000), ref: 6F816A00
                                                                • Part of subcall function 6F8169EA: GetLastError.KERNEL32(00000000,?,6F819908,00000000,00000000,00000000,00000000,?,6F81992F,00000000,00000007,00000000,?,6F819335,00000000,00000000), ref: 6F816A12
                                                              • _free.LIBCMT ref: 6F81996F
                                                              • _free.LIBCMT ref: 6F81997A
                                                              • _free.LIBCMT ref: 6F8199CE
                                                              • _free.LIBCMT ref: 6F8199D9
                                                              • _free.LIBCMT ref: 6F8199E4
                                                              • _free.LIBCMT ref: 6F8199EF
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 34529202b024b0682681a3b24c3801ecad21234de278fed33e4ec683e664493f
                                                              • Instruction ID: 0b3b9720bcf177451d34da835ad66c5d033a9b3ab5e4c2965a069bb69a5b3c01
                                                              • Opcode Fuzzy Hash: 34529202b024b0682681a3b24c3801ecad21234de278fed33e4ec683e664493f
                                                              • Instruction Fuzzy Hash: F8114272A48B05B7E520E775CC4AFCBB7DC6F02708F400E55AA9E6E4E0DB69F5144750
                                                              APIs
                                                                • Part of subcall function 6F854405: _free.LIBCMT ref: 6F85442E
                                                              • _free.LIBCMT ref: 6F85448F
                                                                • Part of subcall function 6F84E72A: HeapFree.KERNEL32(00000000,00000000,?,6F854433,00000008,00000000,00000008,00000000,?,6F85445A,00000008,00000007,00000008,?,6F852207,00000008), ref: 6F84E740
                                                                • Part of subcall function 6F84E72A: GetLastError.KERNEL32(00000008,?,6F854433,00000008,00000000,00000008,00000000,?,6F85445A,00000008,00000007,00000008,?,6F852207,00000008,00000008), ref: 6F84E752
                                                              • _free.LIBCMT ref: 6F85449A
                                                              • _free.LIBCMT ref: 6F8544A5
                                                              • _free.LIBCMT ref: 6F8544F9
                                                              • _free.LIBCMT ref: 6F854504
                                                              • _free.LIBCMT ref: 6F85450F
                                                              • _free.LIBCMT ref: 6F85451A
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 83cd22e14ee6fd7880d6e78a6b94069f264e6bae78fbd708cb1b5e1380eae5e0
                                                              • Instruction ID: e0838273201dc09ff11786d13831f6d4f749e58518c5530a1c48460482fed57f
                                                              • Opcode Fuzzy Hash: 83cd22e14ee6fd7880d6e78a6b94069f264e6bae78fbd708cb1b5e1380eae5e0
                                                              • Instruction Fuzzy Hash: B5115632581B48FAD660EBB4CC45FCA7798AF44304F404C55A29EAE0D5EB38B5318784
                                                              APIs
                                                                • Part of subcall function 6CF3F4E4: _free.LIBCMT ref: 6CF3F50D
                                                              • _free.LIBCMT ref: 6CF3F56E
                                                                • Part of subcall function 6CF39945: HeapFree.KERNEL32(00000000,00000000,?,6CF3F512,?,00000000,?,00000000,?,6CF3F539,?,00000007,?,?,6CF3DA3C,?), ref: 6CF3995B
                                                                • Part of subcall function 6CF39945: GetLastError.KERNEL32(?,?,6CF3F512,?,00000000,?,00000000,?,6CF3F539,?,00000007,?,?,6CF3DA3C,?,?), ref: 6CF3996D
                                                              • _free.LIBCMT ref: 6CF3F579
                                                              • _free.LIBCMT ref: 6CF3F584
                                                              • _free.LIBCMT ref: 6CF3F5D8
                                                              • _free.LIBCMT ref: 6CF3F5E3
                                                              • _free.LIBCMT ref: 6CF3F5EE
                                                              • _free.LIBCMT ref: 6CF3F5F9
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 4c765b01ebdd2535709d235e5a4116fa99fd2394c67b817b487803f0e6a3a61d
                                                              • Instruction ID: 80a8a61880041f56791f2b1ae5b6a8f5403f27812ba2a56ab46cda2edac83d36
                                                              • Opcode Fuzzy Hash: 4c765b01ebdd2535709d235e5a4116fa99fd2394c67b817b487803f0e6a3a61d
                                                              • Instruction Fuzzy Hash: B3117F31941B24BAD7B1E7B0DC05FCB779C6F01708F405816A2AEA6B61DF29F50C8691
                                                              APIs
                                                              • GetLastError.KERNEL32(00000001,?,6F814C14,6F81275F,6F812A34,?,6F812C44,?,00000001,?,?,00000001,?,6F8234E8,0000000C,6F812D2D), ref: 6F814E25
                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6F814E33
                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6F814E4C
                                                              • SetLastError.KERNEL32(00000000,6F812C44,?,00000001,?,?,00000001,?,6F8234E8,0000000C,6F812D2D,?,00000001,?), ref: 6F814E9E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLastValue___vcrt_
                                                              • String ID:
                                                              • API String ID: 3852720340-0
                                                              • Opcode ID: 44b1f7ed0d4ea5694343b7e294302b3d8bc64b4c010ed92b9dd7a08e20dbb320
                                                              • Instruction ID: fbf23a057ccbd866dc717f4487e171fed55d595b404d82bef72ff7ccabc1fc91
                                                              • Opcode Fuzzy Hash: 44b1f7ed0d4ea5694343b7e294302b3d8bc64b4c010ed92b9dd7a08e20dbb320
                                                              • Instruction Fuzzy Hash: C7014C7355C7136FEE1496BCAC54D672764FB8377C3200BEAE0248D0E4EF11681182C0
                                                              APIs
                                                              • IsWindow.USER32(?), ref: 6F83BEA6
                                                              • IsWindow.USER32(?), ref: 6F83BEB6
                                                              • ShowWindow.USER32(?,00000004,?,?,6EB740BD,8007000E), ref: 6F83BF09
                                                              • ShowWindow.USER32(?,00000004), ref: 6F83BF13
                                                              • ShowWindow.USER32(?,00000000,?,?,6F83D69C,00000001,6EB740BD,8007000E), ref: 6F83BF2B
                                                              • ShowWindow.USER32(?,00000000,?,?,6F83D69C,00000001,6EB740BD,8007000E), ref: 6F83BF35
                                                              • ShowWindow.USER32(?,00000000,?,?,6F83D69C,00000001,6EB740BD,8007000E), ref: 6F83BF3F
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Show
                                                              • String ID:
                                                              • API String ID: 990937876-0
                                                              • Opcode ID: 0c5970ea8c42564cf057dca7fa9acc090aaa41dd24f0545cc2af76eedef50247
                                                              • Instruction ID: 431e94b633a4f0825a18647f4aec73d1138055b442ba288e843817ded1432bf6
                                                              • Opcode Fuzzy Hash: 0c5970ea8c42564cf057dca7fa9acc090aaa41dd24f0545cc2af76eedef50247
                                                              • Instruction Fuzzy Hash: 02110D72600915BBDB159A79CC05BD9FBA4FB04320F0443A7A9189B5A0DB72B931CFD4
                                                              APIs
                                                              • GetLastError.KERNEL32(00000001,?,6F84AFD4,6F8485C9,6F848AE7,?,6F848CF7,?,00000001,?,?,00000001,?,6F865AA8,0000000C,6F848DE0), ref: 6F84B4CB
                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6F84B4D9
                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6F84B4F2
                                                              • SetLastError.KERNEL32(00000000,6F848CF7,?,00000001,?,?,00000001,?,6F865AA8,0000000C,6F848DE0,?,00000001,?), ref: 6F84B544
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLastValue___vcrt_
                                                              • String ID:
                                                              • API String ID: 3852720340-0
                                                              • Opcode ID: b0d7f7abfbf46ffce8c3e2b76199bb4ca38f469888f3f29ff4b69500b83972e6
                                                              • Instruction ID: a7547a8486c2270e98806a52411943e7405a754a1e41037405ffedb0f1d41d73
                                                              • Opcode Fuzzy Hash: b0d7f7abfbf46ffce8c3e2b76199bb4ca38f469888f3f29ff4b69500b83972e6
                                                              • Instruction Fuzzy Hash: CE01D83250DB1D6E9E081A78BCA576E2664EF0777D7210AFAE1244D1E0FF615821D181
                                                              APIs
                                                              • GetLastError.KERNEL32(00000001,?,6CF3430C,6CF318E6,6CF31BD7,?,6CF31DE7,?,00000001,?,?,00000001,?,6CF4FF90,0000000C,6CF31ED0), ref: 6CF34B19
                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6CF34B27
                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6CF34B40
                                                              • SetLastError.KERNEL32(00000000,6CF31DE7,?,00000001,?,?,00000001,?,6CF4FF90,0000000C,6CF31ED0,?,00000001,?), ref: 6CF34B92
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLastValue___vcrt_
                                                              • String ID:
                                                              • API String ID: 3852720340-0
                                                              • Opcode ID: f46ee7354e4df5c05f60b2787078a5ebe48f7ae20079d22c89980d5c9dd56b9a
                                                              • Instruction ID: ec57a644b7dfea336095481c7981cd0e31c65b00e3530956ca4e8fd9b5ab733f
                                                              • Opcode Fuzzy Hash: f46ee7354e4df5c05f60b2787078a5ebe48f7ae20079d22c89980d5c9dd56b9a
                                                              • Instruction Fuzzy Hash: A301D837B1E7317EAA421675EC84B473E75EB2667C320332AF51C82AD0EF13480495C0
                                                              APIs
                                                              • ShellExecuteW.SHELL32(00000000,open,00000001,00000000,00000000,00000001), ref: 00F9F420
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ExecuteShell
                                                              • String ID: #Hw$#Hw/$help.html$https://app.prntscr.com/$open
                                                              • API String ID: 587946157-1631949232
                                                              • Opcode ID: 0af879a052ec9d7f67bada9601ccc04b1433e75353d7f347eeaa7be8014f0220
                                                              • Instruction ID: 9bcb700f4c574f332d45a783bff12dc29e759d284845a663bb0b659469c1dcf6
                                                              • Opcode Fuzzy Hash: 0af879a052ec9d7f67bada9601ccc04b1433e75353d7f347eeaa7be8014f0220
                                                              • Instruction Fuzzy Hash: 67118E31A44609ABD710DB6CCD42F9AF7B4FF05B20F148369B821AB2D5DB75A9009B91
                                                              APIs
                                                              • GetDlgItem.USER32(?,000003E9), ref: 6CF29790
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 6CF2979B
                                                              • SendMessageW.USER32(00000000,0000040A,00000000,00000000), ref: 6CF297B5
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 6CF297BA
                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 6CF297C7
                                                              • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 6CF297DA
                                                              • SendMessageW.USER32(00000000,00000402,6CF28E5E,00000000), ref: 6CF297E7
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: LongMessageSendWindow$Item
                                                              • String ID:
                                                              • API String ID: 1991063068-0
                                                              • Opcode ID: 33935a1a94a7b7b9c6a46d4700e3a70b60a1832630f98ea1481b2e9d1612a224
                                                              • Instruction ID: bde740db3232f5b072b7b37afcf7b04e4b7915e923bd6efbc511ed424dcc575d
                                                              • Opcode Fuzzy Hash: 33935a1a94a7b7b9c6a46d4700e3a70b60a1832630f98ea1481b2e9d1612a224
                                                              • Instruction Fuzzy Hash: 5CF068313952247BFF512B548C4AF9A366CDF57B35F208301F710F91E1C7A46A41856D
                                                              APIs
                                                              • GetDlgItem.USER32(?,000003E9), ref: 6CF2980D
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 6CF2981E
                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 6CF29827
                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 6CF29830
                                                              • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 6CF29849
                                                              • SendMessageW.USER32(00000000,00000402,00000064,00000000), ref: 6CF29855
                                                              • SendMessageW.USER32(00000000,0000040A,00000001,00000000), ref: 6CF29861
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: LongMessageSendWindow$Item
                                                              • String ID:
                                                              • API String ID: 1991063068-0
                                                              • Opcode ID: 1d5e03dd9a71849b2ef8db6ed121c110d01a92534a666ea3d415ce876dfd27bd
                                                              • Instruction ID: ffaa5c7032e823a2a33794c7006de70e0041168f51cdcac7b29861d5557308e7
                                                              • Opcode Fuzzy Hash: 1d5e03dd9a71849b2ef8db6ed121c110d01a92534a666ea3d415ce876dfd27bd
                                                              • Instruction Fuzzy Hash: 49F062313952243BEE1166148C46F9A26189F93B35F258301F710B92D1C6E86A428568
                                                              APIs
                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00FAB79A,00000003,?,00FAB73A,00000003,00FC7E08,0000000C,00FAB84D,00000003,00000002), ref: 00FAB7C5
                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00FAB7D8
                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00FAB79A,00000003,?,00FAB73A,00000003,00FC7E08,0000000C,00FAB84D,00000003,00000002,00000000), ref: 00FAB7FB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                              • String ID: #Hw/$CorExitProcess$mscoree.dll
                                                              • API String ID: 4061214504-217355170
                                                              • Opcode ID: 23d98f2d6d69a1fc3cfe8241e3c157d37deb4ebfbfd6a31854d2b8d0dbee34ec
                                                              • Instruction ID: 0a9311b80a35a1b5003dcc78eef9f7f1492b8e442a2d7f58ddea16723847b50f
                                                              • Opcode Fuzzy Hash: 23d98f2d6d69a1fc3cfe8241e3c157d37deb4ebfbfd6a31854d2b8d0dbee34ec
                                                              • Instruction Fuzzy Hash: 1BF0A43090020CFBCB115F65DC89BDDBFB8EF04751F044164F805A2150CB758D44EE51
                                                              APIs
                                                              • GetSystemMetrics.USER32(0000004F), ref: 6F8349D8
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F8349DE
                                                              • GetSystemMetrics.USER32(0000004E), ref: 6F8349E5
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F8349EB
                                                              • GetSystemMetrics.USER32(0000004D), ref: 6F8349F2
                                                              • GetSystemMetrics.USER32(0000004C), ref: 6F8349F7
                                                              • SetRect.USER32(?,00000000), ref: 6F8349FB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$Rect
                                                              • String ID:
                                                              • API String ID: 2880178870-0
                                                              • Opcode ID: 08ec1984dfd0b5e88a098622ba346d00c6861af4d211e343f54b3804360fb67e
                                                              • Instruction ID: 8c3dcc407589df4acebaef7baf88ecd6ad94bf17eeed80bd6e1dc0c6ed6749c3
                                                              • Opcode Fuzzy Hash: 08ec1984dfd0b5e88a098622ba346d00c6861af4d211e343f54b3804360fb67e
                                                              • Instruction Fuzzy Hash: 53F012B1641214ABF7602B668C9AF576E98EF81764F064055FB0C9F2C1C6BD4C04CBB4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Init_thread_footerlstrcmpi
                                                              • String ID:
                                                              • API String ID: 2025936031-0
                                                              • Opcode ID: e55666c8e8f86d72be795f1a5d4be974d7636b1dd85bcda960d211ba5b41ee59
                                                              • Instruction ID: 78ad0fc8c7634342ba6fece40879bb6d67c63272aa0bf667dfc83b7cc176be75
                                                              • Opcode Fuzzy Hash: e55666c8e8f86d72be795f1a5d4be974d7636b1dd85bcda960d211ba5b41ee59
                                                              • Instruction Fuzzy Hash: F9C1AF7190031D9BDB28CB28CD857DDB3B5AF16710F0149DAEA09AF281DB30AE95CE91
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,6F8187A7,00000000,?,?,?,6F8190E9,?,?,00000100), ref: 6F818EF2
                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,6F8190E9,?,?,00000100,?,?,?), ref: 6F818F78
                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000100,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6F819072
                                                              • __freea.LIBCMT ref: 6F81907F
                                                                • Part of subcall function 6F816A24: HeapAlloc.KERNEL32(00000000,00000000,?,?,6F8113C0,00000009,00000000,80004005,00000000,6F8112B1), ref: 6F816A56
                                                              • __freea.LIBCMT ref: 6F819088
                                                              • __freea.LIBCMT ref: 6F8190AD
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWide__freea$AllocHeap
                                                              • String ID:
                                                              • API String ID: 3147120248-0
                                                              • Opcode ID: ace8e9366e8e31aa53a5c57f7b7a1a84fc51b5322c80244c003686e77b0108fc
                                                              • Instruction ID: 584c667dedb3efc9c51029cff1ab92ee71070837508ad4ea414a4becd1ed6783
                                                              • Opcode Fuzzy Hash: ace8e9366e8e31aa53a5c57f7b7a1a84fc51b5322c80244c003686e77b0108fc
                                                              • Instruction Fuzzy Hash: 8051C772A18217ABEF19CE68CC41EAB77AAEB41750F114BA9FC14DE184DB35EC50C650
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: GdipPath$CloseFigureReset
                                                              • String ID:
                                                              • API String ID: 1165678104-0
                                                              • Opcode ID: eb9592b74238c220ecde5e0863e09a9638dc3457c2f11243fe1532e042f2bbc1
                                                              • Instruction ID: ad824537d105f2648c1af47802a6ea8b42ba734bd7d77d556eb72e087fea6093
                                                              • Opcode Fuzzy Hash: eb9592b74238c220ecde5e0863e09a9638dc3457c2f11243fe1532e042f2bbc1
                                                              • Instruction Fuzzy Hash: 6451C771E0560AEFDB019F95E6884AEBFB0FF81340FA24889E4D472198D7318970DF96
                                                              APIs
                                                              • CharNextW.USER32(?,00000000,00000000), ref: 6F845BF6
                                                              • CharNextW.USER32(00000000,?,00000000,00000000), ref: 6F845C0E
                                                              • CharNextW.USER32(00000000,?,00000000,00000000), ref: 6F845C22
                                                              • CharNextW.USER32(00000000,?,00000000,00000000), ref: 6F845C2C
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CharNext
                                                              • String ID:
                                                              • API String ID: 3213498283-0
                                                              • Opcode ID: eb5480911ae111ae2247db4ac22a1b86fcae78e16730c9e5db60add2ab2ded7d
                                                              • Instruction ID: 1daedc8e969c32ffe295852896c8b2ea2452eb71f9320d0457079b3757d04f73
                                                              • Opcode Fuzzy Hash: eb5480911ae111ae2247db4ac22a1b86fcae78e16730c9e5db60add2ab2ded7d
                                                              • Instruction Fuzzy Hash: 1241AF3660431DCFCB14DF6CD88066EB7F6EF99310B9009EAE8458F258E771A951CB91
                                                              APIs
                                                              • CharNextW.USER32(?,00000000,00000000), ref: 6CF2BFC6
                                                              • CharNextW.USER32(00000000,?,00000000,00000000), ref: 6CF2BFDE
                                                              • CharNextW.USER32(00000000,?,00000000,00000000), ref: 6CF2BFF2
                                                              • CharNextW.USER32(00000000,?,00000000,00000000), ref: 6CF2BFFC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CharNext
                                                              • String ID:
                                                              • API String ID: 3213498283-0
                                                              • Opcode ID: 3e935d9e484dd0c2b5c9bc0634a411669e8aeeda85816f8b13a550a52c0efc6c
                                                              • Instruction ID: 859c6ca488c46854faa955b06de1e9305199a204a8574677d26936ca65f64622
                                                              • Opcode Fuzzy Hash: 3e935d9e484dd0c2b5c9bc0634a411669e8aeeda85816f8b13a550a52c0efc6c
                                                              • Instruction Fuzzy Hash: 20413632B04215CFCB10EFADC8806AAF3F2EF8A314B54466AE804CB754DB39D941CB81
                                                              APIs
                                                              • EnumDisplayMonitors.USER32(00000000,00000000,6F811130,00000000), ref: 6F811233
                                                              • CreateRectRgnIndirect.GDI32(00000008), ref: 6F81124A
                                                              • CreateRectRgnIndirect.GDI32(-00000008), ref: 6F811273
                                                              • CombineRgn.GDI32(00000000,00000000,00000000,00000002), ref: 6F811280
                                                              • DeleteObject.GDI32(00000000), ref: 6F811297
                                                              • DeleteObject.GDI32(00000000), ref: 6F8112EA
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateDeleteIndirectObjectRect$CombineDisplayEnumMonitors
                                                              • String ID:
                                                              • API String ID: 1397933015-0
                                                              • Opcode ID: f8b3b07c6a3d7d5d97dd97924df2b92cd66e437b3807b548329cab1aea155a28
                                                              • Instruction ID: 49bd3d48a9a1c677922179ebb1de600728c911d8f2b49fe13c987c0fd8c79fb9
                                                              • Opcode Fuzzy Hash: f8b3b07c6a3d7d5d97dd97924df2b92cd66e437b3807b548329cab1aea155a28
                                                              • Instruction Fuzzy Hash: 31416F71D0564AEBEB10CFA8D844BDEBBF8EF59710F100659E811EB240D774A944CBA0
                                                              APIs
                                                              • EnumDisplayMonitors.USER32(00000000,00000000,6F833510,00000000,6EB740BD), ref: 6F8335D2
                                                              • CreateRectRgnIndirect.GDI32(00000008), ref: 6F8335E9
                                                              • CreateRectRgnIndirect.GDI32(?), ref: 6F833613
                                                              • CombineRgn.GDI32(00000000,00000000,00000000,00000002), ref: 6F833620
                                                              • DeleteObject.GDI32(00000000), ref: 6F833631
                                                              • DeleteObject.GDI32(00000000), ref: 6F83367A
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateDeleteIndirectObjectRect$CombineDisplayEnumMonitors
                                                              • String ID:
                                                              • API String ID: 1397933015-0
                                                              • Opcode ID: b40e2b5fba5b5b0ad2663e07ba82d2737a1b9bf160e490311fbb00607a4fb843
                                                              • Instruction ID: 2d708ada108b076e7530380404e629ded5c4e0debe8bcd0dcc4263b75b3fea36
                                                              • Opcode Fuzzy Hash: b40e2b5fba5b5b0ad2663e07ba82d2737a1b9bf160e490311fbb00607a4fb843
                                                              • Instruction Fuzzy Hash: 57315D72901768AFEF00CF95D889BDEBBB8EF09714F10049AE914AB350D7795908CBE0
                                                              APIs
                                                              • SetLastError.KERNEL32(0000000E,?,?,6F838066,00000000), ref: 6F838196
                                                              • GetCurrentThreadId.KERNEL32 ref: 6F8381BA
                                                              • EnterCriticalSection.KERNEL32(6F86A5A4,?,?,?,6F838066,00000000), ref: 6F8381C8
                                                              • LeaveCriticalSection.KERNEL32(6F86A5A4,?,?,?,6F838066,00000000), ref: 6F8381E1
                                                              • ChooseColorW.COMDLG32(6F861004,?,?,?,6F838066,00000000), ref: 6F8381EB
                                                              • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000,003A004C,00000000,00000000,?,?,?,6F838066,00000000), ref: 6F838210
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$ChooseColorCurrentEnterErrorExceptionLastLeaveRaiseThread
                                                              • String ID:
                                                              • API String ID: 2729876786-0
                                                              • Opcode ID: 5541ad3773a1dde7acd8546da7ab178c3e9c7dda12d0e3fed7d7645d46b6d510
                                                              • Instruction ID: d5de281d4979ac9266eb37eaa94dc7eb2b4e07d96d45498ff11611ae424e18f4
                                                              • Opcode Fuzzy Hash: 5541ad3773a1dde7acd8546da7ab178c3e9c7dda12d0e3fed7d7645d46b6d510
                                                              • Instruction Fuzzy Hash: 1421DF72640B14AFDB608FA4DC08B46B7F4BF06725F10499EF155CE690CBB4E060CB80
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #Hw/$result$success$username
                                                              • API String ID: 0-3054265658
                                                              • Opcode ID: 9c4afbb8757361f2dbc6e01069b6815a686cfb76be9bc37dcfe78f6933d77b51
                                                              • Instruction ID: 611f50f6d600de3f24a2298e716aa31f67db992d03c4caa542b73e37e79c1ae1
                                                              • Opcode Fuzzy Hash: 9c4afbb8757361f2dbc6e01069b6815a686cfb76be9bc37dcfe78f6933d77b51
                                                              • Instruction Fuzzy Hash: 94C1A171D00248EFEF10EFA8CC45B9DBBB5EF45324F148258E415AB291DB38AE45EB91
                                                              APIs
                                                              • GdipGetDC.GDIPLUS(?,?), ref: 6F847985
                                                              • SelectObject.GDI32(00000000,?), ref: 6F84799A
                                                              • SetBkMode.GDI32(00000000,00000001), ref: 6F8479A3
                                                              • SetTextColor.GDI32(00000000,?), ref: 6F8479AD
                                                              • DrawTextW.USER32(00000000,?,?,?,00000000), ref: 6F8479C1
                                                              • GdipReleaseDC.GDIPLUS(?,00000000), ref: 6F8479CA
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: GdipText$ColorDrawModeObjectReleaseSelect
                                                              • String ID:
                                                              • API String ID: 3125531634-0
                                                              • Opcode ID: b417833096847ced0a6ca514a5627d740f889e97a6efbc7c2fe0a939c282b3cb
                                                              • Instruction ID: 9248ae9cdc04bcef221d1c899ad364bc1338c55c470ff7c3b1f7a13800c76966
                                                              • Opcode Fuzzy Hash: b417833096847ced0a6ca514a5627d740f889e97a6efbc7c2fe0a939c282b3cb
                                                              • Instruction Fuzzy Hash: 4701697110150AFFDF458F90C948EDEBFA9FF1A360B1040AAFA04DA101D77AE925CBA0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$_free$_abort
                                                              • String ID:
                                                              • API String ID: 3160817290-0
                                                              • Opcode ID: 59eeceba92c5ad339accfd75fe6fa557dba63ac27acd570063d4e62ac8f149b9
                                                              • Instruction ID: c6c058734e397e6c9bdc64390415ba3fc6852705ff077a85897a8fb593865655
                                                              • Opcode Fuzzy Hash: 59eeceba92c5ad339accfd75fe6fa557dba63ac27acd570063d4e62ac8f149b9
                                                              • Instruction Fuzzy Hash: 77F0A23654CB0377CE15D23DDC09F0E266A9F83738B250BD8F918DE1C0EF25A41181A1
                                                              APIs
                                                              • GetCursorPos.USER32(?), ref: 6F83568B
                                                              • ScreenToClient.USER32(00000000,00000000), ref: 6F835698
                                                              • ClientToScreen.USER32(00000000,?), ref: 6F8356B1
                                                              • SendMessageW.USER32(00000000,00000412,00000000), ref: 6F8356D4
                                                              • SendMessageW.USER32(00000000,00000411,00000001), ref: 6F8356E6
                                                              • SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 6F8356FB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ClientMessageScreenSend$CursorWindow
                                                              • String ID:
                                                              • API String ID: 973176280-0
                                                              • Opcode ID: 9f8487198483f8958a9189652226b1f428d2cb27a868931fb90eb6f9166fb95e
                                                              • Instruction ID: f9b9c5e247b0d0272394e00fc4364e73c02b445b9f8f2f22c89019584ae51b16
                                                              • Opcode Fuzzy Hash: 9f8487198483f8958a9189652226b1f428d2cb27a868931fb90eb6f9166fb95e
                                                              • Instruction Fuzzy Hash: AA112A74900609BBEB109B98CC4ABADBBB4FB04711F104295F515A62D0D7B56A60DB94
                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,6F84C4F1,?,?,?,6F84C016,?,?,?,?), ref: 6F84F36D
                                                              • _free.LIBCMT ref: 6F84F3A0
                                                              • _free.LIBCMT ref: 6F84F3C8
                                                              • SetLastError.KERNEL32(00000000,?,?,?), ref: 6F84F3D5
                                                              • SetLastError.KERNEL32(00000000,?,?,?), ref: 6F84F3E1
                                                              • _abort.LIBCMT ref: 6F84F3E7
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$_free$_abort
                                                              • String ID:
                                                              • API String ID: 3160817290-0
                                                              • Opcode ID: 3f0c12536062aa42ff361bc6ad7abd3a538583d7a3d1c99a23ef02568cdc2ca8
                                                              • Instruction ID: 14eee03831380a6a415a31d08b435aaea150385f1793856115e3b6e47d7f3911
                                                              • Opcode Fuzzy Hash: 3f0c12536062aa42ff361bc6ad7abd3a538583d7a3d1c99a23ef02568cdc2ca8
                                                              • Instruction Fuzzy Hash: 16F0A436588B097BDA46533D9C08F5B2569AFE3779F210DD8F4189F2C0EF28941186A5
                                                              APIs
                                                              • GetLastError.KERNEL32(?,00000000,6CF35AB3,00000000,00000000,?,6CF3543C,6CF222C7,00000000,00000000,00000000), ref: 6CF3AB82
                                                              • _free.LIBCMT ref: 6CF3ABB5
                                                              • _free.LIBCMT ref: 6CF3ABDD
                                                              • SetLastError.KERNEL32(00000000,00000000,00000000,00000000), ref: 6CF3ABEA
                                                              • SetLastError.KERNEL32(00000000,00000000,00000000,00000000), ref: 6CF3ABF6
                                                              • _abort.LIBCMT ref: 6CF3ABFC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$_free$_abort
                                                              • String ID:
                                                              • API String ID: 3160817290-0
                                                              • Opcode ID: 046df06a5fab16a0a3df56d046ed739daabf413d343756191c9a4189765401b3
                                                              • Instruction ID: 6c8787af1ca9ab8f73d9a4e2c0bfc53ab0f85398087df4b8984f4b8ba5ebd1f4
                                                              • Opcode Fuzzy Hash: 046df06a5fab16a0a3df56d046ed739daabf413d343756191c9a4189765401b3
                                                              • Instruction Fuzzy Hash: 52F0F9326069207BCE4263BA5C08F8A32B69BD367DB257614F91CD2F80EF25840980E1
                                                              APIs
                                                                • Part of subcall function 6F83BF50: IsWindow.USER32(?), ref: 6F83BFD3
                                                                • Part of subcall function 6F83BF50: RedrawWindow.USER32(?,00000000,00000000,000001A1), ref: 6F83BFEC
                                                              • IsWindow.USER32(?), ref: 6F83C53B
                                                              • IsWindow.USER32(?), ref: 6F83C547
                                                              • ShowWindow.USER32(?,00000000,?,6F842472,?,?,?,?,00000001,?,?,6F841C2F,?,8007000E,?,?), ref: 6F83C55B
                                                              • ShowWindow.USER32(?,00000000,?,6F842472,?,?,?,?,00000001,?,?,6F841C2F,?,8007000E,?,?), ref: 6F83C565
                                                              • ShowWindow.USER32(?,00000000,?,6F842472,?,?,?,?,00000001,?,?,6F841C2F,?,8007000E,?,?), ref: 6F83C56F
                                                              • EndDialog.USER32(00000002,00000000), ref: 6F83C576
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Show$DialogRedraw
                                                              • String ID:
                                                              • API String ID: 3150406107-0
                                                              • Opcode ID: 942f40c2cd32fc9081ef760f952ebefd328e057f02dc1f45feb90ad9d89e998c
                                                              • Instruction ID: d6937131bef42378a0ccb8a6b565e6e4ec99b0318077a564c952b087ddf0a9be
                                                              • Opcode Fuzzy Hash: 942f40c2cd32fc9081ef760f952ebefd328e057f02dc1f45feb90ad9d89e998c
                                                              • Instruction Fuzzy Hash: C2F05431A00925B7DE151635CD05BD9BF65FF01760F0003A3B92C660B0CB62B830DAD4
                                                              APIs
                                                                • Part of subcall function 6F8315F0: GetProcessHeap.KERNEL32(?), ref: 6F831623
                                                                • Part of subcall function 6F8315F0: __Init_thread_footer.LIBCMT ref: 6F83164E
                                                                • Part of subcall function 6F8315F0: __Init_thread_footer.LIBCMT ref: 6F83168F
                                                              • GetActiveWindow.USER32 ref: 6F83D17E
                                                                • Part of subcall function 6F8311A0: __CxxThrowException@8.LIBVCRUNTIME ref: 6F8311B2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Init_thread_footer$ActiveException@8HeapProcessThrowWindow
                                                              • String ID: Format$LastSavedDir$PNG
                                                              • API String ID: 3920847568-1456889519
                                                              • Opcode ID: 834c68a9c72f91f08ac1aaf0a69947b54b26101fd7221ad11f0b8fc12d5d349d
                                                              • Instruction ID: f3def0716f8b623ef7b1dd0118c6f6c708b1595f47959fc9b95b95e518a6ade2
                                                              • Opcode Fuzzy Hash: 834c68a9c72f91f08ac1aaf0a69947b54b26101fd7221ad11f0b8fc12d5d349d
                                                              • Instruction Fuzzy Hash: 5EA1C5B2E006289FDB14CB6CCC44B9EB7B5AF45328F1446E8D4199B2E1DB30AE44CF95
                                                              APIs
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              • PostMessageW.USER32(?,?,00000000,00000001), ref: 00F9C751
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorException@8HeapLastMessagePostProcessThrow
                                                              • String ID: #Hw/$token$userid$username
                                                              • API String ID: 2193781124-3771044398
                                                              • Opcode ID: 568927623b8e5fef211ae3136b34ef3b6ffc06e7d3e05e3c2b6f783a53faf7a2
                                                              • Instruction ID: 8e0d3fd920a70b394551e46402e136d0ee0cb7ab1d9e8d5f56065b485c5717db
                                                              • Opcode Fuzzy Hash: 568927623b8e5fef211ae3136b34ef3b6ffc06e7d3e05e3c2b6f783a53faf7a2
                                                              • Instruction Fuzzy Hash: 1781EB71E053459BDF04FB68CC46BEDBBE4EF45314F18419CE415AB382DB349904ABA2
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _wcsstr
                                                              • String ID: %filename%
                                                              • API String ID: 1512112989-135598520
                                                              • Opcode ID: e6fba14480a82c9a3810021d1f061a3014ad1b0d5b1013592d868c86e2ab3b60
                                                              • Instruction ID: 0d20c90cf4764a744f70d314d76e04237845f8cc59486d33cab652d6994ff110
                                                              • Opcode Fuzzy Hash: e6fba14480a82c9a3810021d1f061a3014ad1b0d5b1013592d868c86e2ab3b60
                                                              • Instruction Fuzzy Hash: 7561C537E006299BCB18DFA8C9809AEB7B5EF94344B0549A9DC15AF364DB30BD0987D1
                                                              APIs
                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F9B98B
                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00F9B9A2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MessageSend
                                                              • String ID: #Hw/$ProxyString$ProxyType
                                                              • API String ID: 3850602802-3563907599
                                                              • Opcode ID: 1a83a022ba76b6a4588eb82a27c2ae8854b95c304922bad93f42331c6b936fb1
                                                              • Instruction ID: 7313596376e0799df7382de7a54bc3dd916496745678319d82743817134e011d
                                                              • Opcode Fuzzy Hash: 1a83a022ba76b6a4588eb82a27c2ae8854b95c304922bad93f42331c6b936fb1
                                                              • Instruction Fuzzy Hash: B451F731A00609EBDB00EB6CCD06B9EB7F4EF45724F248259F415AB2D2DB749D049BD1
                                                              APIs
                                                              • CoCreateGuid.OLE32(?,6CF4AA54,?,C3D2D3B7), ref: 6CF28594
                                                              • StringFromGUID2.OLE32(?,?,00000040,?,C3D2D3B7), ref: 6CF285AA
                                                              • SysAllocString.OLEAUT32(?), ref: 6CF285B7
                                                              • SysFreeString.OLEAUT32(00000000), ref: 6CF2862A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: String$AllocCreateFreeFromGuid
                                                              • String ID: appId
                                                              • API String ID: 1865064963-920268833
                                                              • Opcode ID: cedc5a8e456a910f81c163aec44cbdfd6709c24cd17146f1b89215e62afb4d30
                                                              • Instruction ID: 59664e7a6c3d38cf5252149f9d8f1d4c40a30c03b611a95c7b39272e3a56e826
                                                              • Opcode Fuzzy Hash: cedc5a8e456a910f81c163aec44cbdfd6709c24cd17146f1b89215e62afb4d30
                                                              • Instruction Fuzzy Hash: 5B411871A00204EBCF14DFA4C805BEEB7B9EF45358F04819EE405A7741D73A9E48CB55
                                                              APIs
                                                              • WaitForSingleObject.KERNEL32(000000FF,000000FF,77E44823), ref: 00F883B5
                                                              • EnterCriticalSection.KERNEL32(?), ref: 00F883E4
                                                              • ResetEvent.KERNEL32(?), ref: 00F883F3
                                                              • LeaveCriticalSection.KERNEL32(?,00000000,?), ref: 00F88437
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterEventLeaveObjectResetSingleWait
                                                              • String ID: #Hw/
                                                              • API String ID: 1557531055-1770964375
                                                              • Opcode ID: e6a91a98add00d38cec6d9251356cfb3a167656f6a54633d0ba12c361f0e3bdf
                                                              • Instruction ID: ebd32ee1c36105fa30df6a5bc4331c3ca9eaeb62b6468faad57e1af2d0b886c7
                                                              • Opcode Fuzzy Hash: e6a91a98add00d38cec6d9251356cfb3a167656f6a54633d0ba12c361f0e3bdf
                                                              • Instruction Fuzzy Hash: B941707190020AEFD704EF78CC85B9EBBB8FF05360F544658E422A7292DB34A905DFA1
                                                              APIs
                                                              • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00F9229B
                                                              • RegCloseKey.ADVAPI32(00000000,80000001,Software\Microsoft\Internet Explorer\Settings,0002001F,00000000), ref: 00F923D1
                                                              Strings
                                                              • Anchor Color, xrefs: 00F9236F
                                                              • Anchor Color Visited, xrefs: 00F923A2
                                                              • Software\Microsoft\Internet Explorer\Settings, xrefs: 00F92302
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CloseTextWindow
                                                              • String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings
                                                              • API String ID: 230337406-3433146436
                                                              • Opcode ID: 1c8b841ef93dfa510df9bbe52aa293db0ddad4023bc7774906afd8e3f1b350e1
                                                              • Instruction ID: 03e3fd74afe2ba969c7754a49b5aab24b5ab55cd476224e113f259f9545f059c
                                                              • Opcode Fuzzy Hash: 1c8b841ef93dfa510df9bbe52aa293db0ddad4023bc7774906afd8e3f1b350e1
                                                              • Instruction Fuzzy Hash: 75316C70E00309AFEF64DF64C941BEEB7B4BF48324F00029AD919A2681EB34AA44DF51
                                                              APIs
                                                                • Part of subcall function 00F8BF50: GetModuleHandleW.KERNEL32(Advapi32.dll,?,00000000,?,?,?,00F8C1A0,80000001,00000000), ref: 00F8BF74
                                                                • Part of subcall function 00F8BF50: RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,00F8C1A0,80000001,00000000), ref: 00F8BFD7
                                                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00F981D3
                                                              • RegCloseKey.ADVAPI32(?), ref: 00F98222
                                                                • Part of subcall function 00F98150: RegEnumKeyExW.ADVAPI32(?,00000000,?,00000100,00000000,00000000,00000000,00000000), ref: 00F98213
                                                              • RegCloseKey.ADVAPI32(?), ref: 00F98250
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Close$Enum$HandleModule
                                                              • String ID: #Hw/
                                                              • API String ID: 2852649468-1770964375
                                                              • Opcode ID: 10b68aab3c452ce2486062ce7e5a6e8adb8ac81ff05177a29d1627bfeca627bb
                                                              • Instruction ID: 92e92bfa0e8123f2380cad2b258a15d139998f714109442f5fc35ab0ae5405fd
                                                              • Opcode Fuzzy Hash: 10b68aab3c452ce2486062ce7e5a6e8adb8ac81ff05177a29d1627bfeca627bb
                                                              • Instruction Fuzzy Hash: 0A310A71508315AFD721DF55DC44B9BBBE8EF893A4F004A19F89893260DB34DA09DBA2
                                                              APIs
                                                              • GetObjectW.GDI32(00000000,00000018,00000000), ref: 6F834F98
                                                              • GetWindowDC.USER32(00000000), ref: 6F834FF6
                                                              • GetDIBits.GDI32(00000000,00000000,00000000,00000000,00000000,00000028,00000000), ref: 6F83500D
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F835016
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: BitsObjectReleaseWindow
                                                              • String ID: (
                                                              • API String ID: 1529088149-3887548279
                                                              • Opcode ID: 9ea2408ee6c57d1116575c08ed67f5c8722dac2a2d474d972ff0161690c5ee25
                                                              • Instruction ID: 3a61829d12bf17efd75e6009513c27f88c9ebe54d142fd7a1139924ed2fbdb20
                                                              • Opcode Fuzzy Hash: 9ea2408ee6c57d1116575c08ed67f5c8722dac2a2d474d972ff0161690c5ee25
                                                              • Instruction Fuzzy Hash: 2431F6B1E00618AFDB50CFA9C844BDEBBF9FB49710F10456AE919EB280E7755A14CF90
                                                              APIs
                                                              • KillTimer.USER32(?,0000471A,C3D2D3B7), ref: 6CF2AAB0
                                                              • SetWindowTextW.USER32(?,00000000), ref: 6CF2AAEF
                                                              • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000043), ref: 6CF2AB1F
                                                              Strings
                                                              • Uploading Image, xrefs: 6CF2AABC
                                                              • [[screenshot_plugin.uploading_window_capt]], xrefs: 6CF2AAD0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$KillTextTimer
                                                              • String ID: Uploading Image$[[screenshot_plugin.uploading_window_capt]]
                                                              • API String ID: 1699586737-3407559735
                                                              • Opcode ID: 813b571302217c3e0980184648b22aba7f1c7f4da1d56870e9e40bdf204da17f
                                                              • Instruction ID: 51ea6222b32682f95592f78cdbedd1b03c5e551333e47bdfab5f741729b6316f
                                                              • Opcode Fuzzy Hash: 813b571302217c3e0980184648b22aba7f1c7f4da1d56870e9e40bdf204da17f
                                                              • Instruction Fuzzy Hash: 4A316D71A10A04AFDB10DFA4CD05B9ABBF8FB09724F108719F525A3BD0DB75AA048B95
                                                              APIs
                                                              • RegisterWindowMessageW.USER32(commdlg_ColorOK), ref: 6F835A68
                                                              • LeaveCriticalSection.KERNEL32(6F86A528), ref: 6F835A74
                                                              • RegisterWindowMessageW.USER32(commdlg_ColorOK), ref: 6F835AAE
                                                              • LeaveCriticalSection.KERNEL32(6F86A528), ref: 6F835ABA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalLeaveMessageRegisterSectionWindow
                                                              • String ID: commdlg_ColorOK
                                                              • API String ID: 2450959226-1282741433
                                                              • Opcode ID: d369d2ce368737c755ca143abf01a175015984622a6453ab482e1d0862e184c5
                                                              • Instruction ID: 43138dcf7f6856a98e4ef68d407cb5793071022644f1bb52e3f734ef6e9d1e10
                                                              • Opcode Fuzzy Hash: d369d2ce368737c755ca143abf01a175015984622a6453ab482e1d0862e184c5
                                                              • Instruction Fuzzy Hash: 07215372A04725AFDB04CFA8CC85A7A77A5FF46364F000996E910DF290EB35E821D7E1
                                                              APIs
                                                              • ShellExecuteW.SHELL32(00000000,open,explorer,00000000,00000000,00000001), ref: 00F9F094
                                                              • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 00F9F0DD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ExecuteShell
                                                              • String ID: /select,$explorer$open
                                                              • API String ID: 587946157-1443412256
                                                              • Opcode ID: 762365986107adf507262e8e4ab4e27c6a2bad5909205edba1914df5f28eb92c
                                                              • Instruction ID: 8e346e4a0ea300c040669ce7c19b0d5621135e593597933be18bb943af8f783b
                                                              • Opcode Fuzzy Hash: 762365986107adf507262e8e4ab4e27c6a2bad5909205edba1914df5f28eb92c
                                                              • Instruction Fuzzy Hash: C321E731744B01ABF720D728CC0BF96B3E5AB40720F24816CF161AA1E1DFF5A848EB81
                                                              APIs
                                                              • DeleteObject.GDI32(00000000), ref: 00F9241C
                                                              • GetStockObject.GDI32(0000000D), ref: 00F92430
                                                              • GetObjectW.GDI32(00000000,0000005C,?), ref: 00F9244F
                                                              • CreateFontIndirectW.GDI32(?), ref: 00F92480
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Object$CreateDeleteFontIndirectStock
                                                              • String ID: #Hw/
                                                              • API String ID: 1113379131-1770964375
                                                              • Opcode ID: 19f9ceb9f46838dcb8da1276b2a4630a6c2680ccd1129d0765d5d1d9455c6e9f
                                                              • Instruction ID: 464bcd5e52a160b1c089a752992a6939fb31d13a28067a35849327a1bd0f39e2
                                                              • Opcode Fuzzy Hash: 19f9ceb9f46838dcb8da1276b2a4630a6c2680ccd1129d0765d5d1d9455c6e9f
                                                              • Instruction Fuzzy Hash: B611273190478CDBEB11DBA8ED49B6AFBF8BF01714F04011EE8819B5C1CBB4A8089B51
                                                              APIs
                                                                • Part of subcall function 6F836BA0: EnterCriticalSection.KERNEL32(6F86A5A4,00000000,00000002,?), ref: 6F836BC7
                                                                • Part of subcall function 6F836BA0: GetClassInfoExW.USER32(00000000,00000000,?), ref: 6F836BFF
                                                                • Part of subcall function 6F836BA0: GetClassInfoExW.USER32(00000000,00000030), ref: 6F836C12
                                                                • Part of subcall function 6F836BA0: LeaveCriticalSection.KERNEL32(6F86A5A4), ref: 6F836C1D
                                                                • Part of subcall function 6F836D60: SetLastError.KERNEL32(0000000E,00000002,?,?,6F836986,00000002,00000000,00000000,400110C4,00000024,00000000,?,?,00000000,?,6F837ACE), ref: 6F836D7B
                                                              • SendMessageW.USER32(?,00000030,?,00000001), ref: 6F836996
                                                              • CreateCaret.USER32(?,?,00000000,00000000), ref: 6F8369A2
                                                              • ShowCaret.USER32(?), ref: 6F8369AB
                                                              • SendMessageW.USER32(?,000000D3,00000003,00000000), ref: 6F8369BD
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CaretClassCriticalInfoMessageSectionSend$CreateEnterErrorLastLeaveShow
                                                              • String ID: EDIT
                                                              • API String ID: 2803113841-3080729518
                                                              APIs
                                                              • MonitorFromPoint.USER32(00000000,?,00000000), ref: 00F9F76A
                                                              • MonitorFromPoint.USER32(00000000,?,00000002), ref: 00F9F778
                                                              • GetMonitorInfoW.USER32(00000000,00000028), ref: 00F9F7AB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Monitor$FromPoint$Info
                                                              • String ID: #Hw/$(
                                                              • API String ID: 1942056148-1351227599
                                                              APIs
                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6F815D37,?,?,6F815CD7,?,6F823680,0000000C,6F815E0A,00000000,00000000), ref: 6F815DA6
                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6F815DB9
                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,6F815D37,?,?,6F815CD7,?,6F823680,0000000C,6F815E0A,00000000,00000000,00000001,6F812BAE), ref: 6F815DDC
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                              • String ID: CorExitProcess$mscoree.dll
                                                              • API String ID: 4061214504-1276376045
                                                              APIs
                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6F84D9D7,00000000,?,6F84D977,00000000,6F865CB8,0000000C,6F84DABF,00000000,00000002), ref: 6F84DA46
                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6F84DA59
                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,6F84D9D7,00000000,?,6F84D977,00000000,6F865CB8,0000000C,6F84DABF,00000000,00000002), ref: 6F84DA7C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                              • String ID: CorExitProcess$mscoree.dll
                                                              • API String ID: 4061214504-1276376045
                                                              APIs
                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,6CF38C91,?,?,6CF38C31,?,6CF501A0,0000000C,6CF38D64,00000000,00000000), ref: 6CF38D00
                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6CF38D13
                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,6CF38C91,?,?,6CF38C31,?,6CF501A0,0000000C,6CF38D64,00000000,00000000,00000001,6CF31D51), ref: 6CF38D36
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                              • String ID: CorExitProcess$mscoree.dll
                                                              • API String ID: 4061214504-1276376045
                                                              APIs
                                                              • RegQueryValueExW.ADVAPI32(00000000,?,00000000,?,00000000,6CF4AA54,?,80000001,00000000,0002001F), ref: 6CF25953
                                                              • RegCloseKey.ADVAPI32(00000000,?,80070057,00000010,?), ref: 6CF25A0A
                                                              • RegCloseKey.ADVAPI32(00000000,6CF4AA54,?,80070057,00000010), ref: 6CF25A48
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 6CF25AE1
                                                              • RegCloseKey.ADVAPI32(00000000,00000000,?,80000001,00000000,0002001F), ref: 6CF25B03
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Close$QueryValue
                                                              • String ID:
                                                              • API String ID: 2393043351-0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MetricsSystem$Window$Rect$CursorLong$EmptyInflateInvalidateLoadShow
                                                              • String ID:
                                                              • API String ID: 2822353520-0
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,0000001D,6F84CFA6,6F84CFA6,?,?,?,6F85260D,00000001,00000001,99E85006), ref: 6F852416
                                                              • __alloca_probe_16.LIBCMT ref: 6F85244E
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6F85260D,00000001,00000001,99E85006,?,?,?), ref: 6F85249C
                                                              • __alloca_probe_16.LIBCMT ref: 6F852533
                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,99E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6F852596
                                                                • Part of subcall function 6F84E764: HeapAlloc.KERNEL32(00000000,00000004,?,?,6F8488B6,00000004,?,6F839E88,000003AC,?,?,?,?,?,6F836FC5), ref: 6F84E796
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWide$__alloca_probe_16$AllocHeap
                                                              • String ID:
                                                              • API String ID: 1139170231-0
                                                              APIs
                                                              • GetDC.USER32(00000000), ref: 6F843074
                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 6F843089
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 6F843090
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F843095
                                                              • MulDiv.KERNEL32(00000003,00000060,00000060), ref: 6F8430A4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CapsDevice$Release
                                                              • String ID:
                                                              • API String ID: 1035833867-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free
                                                              • String ID:
                                                              • API String ID: 269201875-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free
                                                              • String ID:
                                                              • API String ID: 269201875-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free
                                                              • String ID:
                                                              • API String ID: 269201875-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: DeleteGlobalObject$FreeSelectUnlock
                                                              • String ID:
                                                              • API String ID: 1678361806-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: DeleteGlobalObject$FreeSelectUnlock
                                                              • String ID:
                                                              • API String ID: 1678361806-0
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(?,00000000,82E85006,6CF35C71,00000000,00000000,6CF36EFE,?,6CF36EFE,?,00000001,6CF35C71,82E85006,00000001,6CF36EFE,6CF36EFE), ref: 6CF3F651
                                                              • __alloca_probe_16.LIBCMT ref: 6CF3F689
                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6CF3F6DA
                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6CF3F6EC
                                                              • __freea.LIBCMT ref: 6CF3F6F5
                                                                • Part of subcall function 6CF3997F: HeapAlloc.KERNEL32(00000000,?,00000004,?,6CF3BC6A,?,00000000,?,6CF38308,?,00000004,00000001,?,?,?,6CF39546), ref: 6CF399B1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                              • String ID:
                                                              • API String ID: 1857427562-0
                                                              APIs
                                                                • Part of subcall function 6CF21460: GetProcessHeap.KERNEL32 ref: 6CF21493
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF214BE
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF2153C
                                                              • SetLastError.KERNEL32(00000000), ref: 6CF26939
                                                              • GetModuleFileNameW.KERNEL32(6CF20000,00000010,000007D0), ref: 6CF2696A
                                                              • GetLastError.KERNEL32 ref: 6CF2697A
                                                              • GetModuleFileNameW.KERNEL32(00000000,00000010,00002710), ref: 6CF269B9
                                                              • GetLastError.KERNEL32 ref: 6CF269CA
                                                                • Part of subcall function 6CF21800: __CxxThrowException@8.LIBVCRUNTIME ref: 6CF21812
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$FileInit_thread_footerModuleName$Exception@8HeapProcessThrow
                                                              • String ID:
                                                              • API String ID: 1359969811-0
                                                              APIs
                                                              • CreateRectRgnIndirect.GDI32(?), ref: 6F811492
                                                              • CreateRectRgnIndirect.GDI32(?), ref: 6F8114B3
                                                              • CombineRgn.GDI32(00000000,00000000,00000000,00000002), ref: 6F8114BC
                                                              • DeleteObject.GDI32(00000000), ref: 6F8114CD
                                                              • DeleteDC.GDI32(00000000), ref: 6F81151D
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateDeleteIndirectRect$CombineObject
                                                              • String ID:
                                                              • API String ID: 328478760-0
                                                              APIs
                                                              • GetEnvironmentStringsW.KERNEL32 ref: 6F818909
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6F81892C
                                                                • Part of subcall function 6F816A24: HeapAlloc.KERNEL32(00000000,00000000,?,?,6F8113C0,00000009,00000000,80004005,00000000,6F8112B1), ref: 6F816A56
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6F818952
                                                              • _free.LIBCMT ref: 6F818965
                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6F818974
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                              • String ID:
                                                              • API String ID: 2278895681-0
                                                              APIs
                                                              • GetEnvironmentStringsW.KERNEL32 ref: 6F85196B
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6F85198E
                                                                • Part of subcall function 6F84E764: HeapAlloc.KERNEL32(00000000,00000004,?,?,6F8488B6,00000004,?,6F839E88,000003AC,?,?,?,?,?,6F836FC5), ref: 6F84E796
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6F8519B4
                                                              • _free.LIBCMT ref: 6F8519C7
                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6F8519D6
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                              • String ID:
                                                              • API String ID: 2278895681-0
                                                              APIs
                                                              • GetEnvironmentStringsW.KERNEL32 ref: 6CF3D05E
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6CF3D081
                                                                • Part of subcall function 6CF3997F: HeapAlloc.KERNEL32(00000000,?,00000004,?,6CF3BC6A,?,00000000,?,6CF38308,?,00000004,00000001,?,?,?,6CF39546), ref: 6CF399B1
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6CF3D0A7
                                                              • _free.LIBCMT ref: 6CF3D0BA
                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6CF3D0C9
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                              • String ID:
                                                              • API String ID: 2278895681-0
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(?,?,00000000,75BFA7D0,?,6F8464F6,?,00000001,6EB740BD,00000000,00000000), ref: 6F8459EC
                                                              • lstrcmpiW.KERNEL32(?,6F8464F6,?,00000000,75BFA7D0,?,6F8464F6,?,00000001,6EB740BD,00000000,00000000), ref: 6F845A07
                                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,75BFA7D0,?,6F8464F6,?,00000001,6EB740BD,00000000,00000000), ref: 6F845A1D
                                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,75BFA7D0,?,6F8464F6,?,00000001,6EB740BD,00000000,00000000), ref: 6F845A44
                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,00000000,75BFA7D0,?,6F8464F6,?,00000001,6EB740BD,00000000,00000000), ref: 6F845A5E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Leave$EnterExceptionRaiselstrcmpi
                                                              • String ID:
                                                              • API String ID: 1294165370-0
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(?,?,00000000,75BFA7D0,?,6CF2C8E6,?,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2BDBC
                                                              • lstrcmpiW.KERNEL32(?,6CF2C8E6,?,00000000,75BFA7D0,?,6CF2C8E6,?,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2BDD7
                                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,75BFA7D0,?,6CF2C8E6,?,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2BDED
                                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,75BFA7D0,?,6CF2C8E6,?,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2BE14
                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,00000000,75BFA7D0,?,6CF2C8E6,?,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2BE2E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Leave$EnterExceptionRaiselstrcmpi
                                                              • String ID:
                                                              • API String ID: 1294165370-0
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(?,?,00000000,75BFA7D0,?,00F994B6,?,00000001,77E44823,00000000,00000000), ref: 00F989BC
                                                              • lstrcmpiW.KERNEL32(?,00F994B6,?,00000000,75BFA7D0,?,00F994B6,?,00000001,77E44823,00000000,00000000), ref: 00F989D7
                                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,75BFA7D0,?,00F994B6,?,00000001,77E44823,00000000,00000000), ref: 00F989ED
                                                              • LeaveCriticalSection.KERNEL32(?,?,00000000,75BFA7D0,?,00F994B6,?,00000001,77E44823,00000000,00000000), ref: 00F98A14
                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,00000000,75BFA7D0,?,00F994B6,?,00000001,77E44823,00000000,00000000), ref: 00F98A2E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Leave$EnterExceptionRaiselstrcmpi
                                                              • String ID:
                                                              • API String ID: 1294165370-0
                                                              APIs
                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 6F835BA4
                                                              • GetWindowLongW.USER32(?,000000FC), ref: 6F835BBA
                                                              • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 6F835BCE
                                                              • GetWindowLongW.USER32(?,000000FC), ref: 6F835BE7
                                                              • SetWindowLongW.USER32(?,000000FC,?), ref: 6F835BF6
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Long$CallProc
                                                              • String ID:
                                                              • API String ID: 513923721-0
                                                              APIs
                                                              • GdipSetPageUnit.GDIPLUS(?,00000002), ref: 6F833219
                                                              • GdipCreatePath.GDIPLUS(00000000,?,?,00000002), ref: 6F833239
                                                              • GdipFillPath.GDIPLUS(?,?,00000000), ref: 6F833277
                                                              • GdipSetPageUnit.GDIPLUS(?,00000000,?,?,00000000), ref: 6F833287
                                                              • GdipDeletePath.GDIPLUS(00000000,?,00000000,?,?,00000000), ref: 6F833297
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$Path$PageUnit$CreateDeleteFill
                                                              • String ID:
                                                              • API String ID: 1252783908-0
                                                              APIs
                                                              • GetCursorPos.USER32(?), ref: 6F836625
                                                              • ScreenToClient.USER32(?,00000000), ref: 6F836632
                                                              • GetWindowRect.USER32(?,?), ref: 6F83665B
                                                              • LoadCursorW.USER32(00000000,00007F86), ref: 6F83669A
                                                              • SetCursor.USER32(00000000), ref: 6F8366A1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Cursor$ClientLoadRectScreenWindow
                                                              • String ID:
                                                              • API String ID: 1383809864-0
                                                              APIs
                                                              • GetDlgItem.USER32(?,?), ref: 6F844BDD
                                                              • GetDC.USER32(00000000), ref: 6F844BE6
                                                              • GetTextMetricsW.GDI32(00000000,?), ref: 6F844C03
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F844C11
                                                              • GetSystemMetrics.USER32(0000000F), ref: 6F844C2C
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Metrics$ItemReleaseSystemText
                                                              • String ID:
                                                              • API String ID: 2181213798-0
                                                              APIs
                                                              • EnumDisplayMonitors.USER32(00000000,00000000,6F840980,?,00000000,75BF4000), ref: 6F840A6A
                                                              • CreateRectRgnIndirect.GDI32(00000000), ref: 6F840A74
                                                              • CreateRectRgnIndirect.GDI32(00000000), ref: 6F840A91
                                                              • CombineRgn.GDI32(?,?,00000000,00000002), ref: 6F840AA1
                                                              • DeleteObject.GDI32(00000000), ref: 6F840AAC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateIndirectRect$CombineDeleteDisplayEnumMonitorsObject
                                                              • String ID:
                                                              • API String ID: 1057758528-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$Show$CaptureRelease
                                                              • String ID:
                                                              • API String ID: 729727748-0
                                                              APIs
                                                              • GetLastError.KERNEL32(?,00000004,?,6F84BE26,6F84E7A7,?,?,6F8488B6,00000004,?,6F839E88,000003AC), ref: 6F84F3F2
                                                              • _free.LIBCMT ref: 6F84F427
                                                              • _free.LIBCMT ref: 6F84F44E
                                                              • SetLastError.KERNEL32(00000000), ref: 6F84F45B
                                                              • SetLastError.KERNEL32(00000000), ref: 6F84F464
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$_free
                                                              • String ID:
                                                              • API String ID: 3170660625-0
                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,?,6CF383AA,6CF3BC88,?,6CF38308,?,00000004,00000001,?,?,?,6CF39546,?,00000001), ref: 6CF3AC07
                                                              • _free.LIBCMT ref: 6CF3AC3C
                                                              • _free.LIBCMT ref: 6CF3AC63
                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,?,6CF21537,?,6CF21537), ref: 6CF3AC70
                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,?,6CF21537,?,6CF21537), ref: 6CF3AC79
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$_free
                                                              • String ID:
                                                              • API String ID: 3170660625-0
                                                              APIs
                                                              • ClientToScreen.USER32(?,?), ref: 6F836576
                                                              • ScreenToClient.USER32(?,?), ref: 6F83659E
                                                              • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000000D), ref: 6F8365B5
                                                              • InvalidateRect.USER32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6F8365C5
                                                              • RedrawWindow.USER32(?,00000000,00000000,00000521,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6F8365D7
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ClientScreenWindow$InvalidateRectRedraw
                                                              • String ID:
                                                              • API String ID: 3955937524-0
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(6F86A5A4,?,?,6F83A00C), ref: 6F835759
                                                              • GetCurrentThreadId.KERNEL32 ref: 6F835769
                                                              • LeaveCriticalSection.KERNEL32(6F86A5A4,?,?,6F83A00C), ref: 6F835784
                                                              • LeaveCriticalSection.KERNEL32(6F86A5A4,?,?,6F83A00C), ref: 6F8357A2
                                                              • LeaveCriticalSection.KERNEL32(6F86A5A4,?,?,6F83A00C), ref: 6F8357B7
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Leave$CurrentEnterThread
                                                              • String ID:
                                                              • API String ID: 2905768538-0
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(6CF538E0,?,?,6CF28D39,?,?,?,?,6CF28B92), ref: 6CF289A9
                                                              • GetCurrentThreadId.KERNEL32 ref: 6CF289B9
                                                              • LeaveCriticalSection.KERNEL32(6CF538E0,?,?,?,6CF28B92), ref: 6CF289D4
                                                              • LeaveCriticalSection.KERNEL32(6CF538E0,?,?,?,6CF28B92), ref: 6CF289F2
                                                              • LeaveCriticalSection.KERNEL32(6CF538E0,?,?,?,6CF28B92), ref: 6CF28A07
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Leave$CurrentEnterThread
                                                              • String ID:
                                                              • API String ID: 2905768538-0
                                                              • Opcode ID: 5a9084d25955e3b11e2a4dc7e96a90153ec1b50dda1c616b029f0656037fceff
                                                              • Instruction ID: 06ca425359db651eebaca502e0227c22aeba586728ced9ef42c67d9eeeb77763
                                                              • Opcode Fuzzy Hash: 5a9084d25955e3b11e2a4dc7e96a90153ec1b50dda1c616b029f0656037fceff
                                                              • Instruction Fuzzy Hash: 04F0A4B7B112108B8B546FAFE40470937B0EFE5A1731A452BF956D3A00C631DC86AAA0
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(00FCC684,?,?), ref: 00F93609
                                                              • GetCurrentThreadId.KERNEL32 ref: 00F93619
                                                              • LeaveCriticalSection.KERNEL32(00FCC684,?,?), ref: 00F93634
                                                              • LeaveCriticalSection.KERNEL32(00FCC684,?,?), ref: 00F93652
                                                              • LeaveCriticalSection.KERNEL32(00FCC684,?,?), ref: 00F93667
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Leave$CurrentEnterThread
                                                              • String ID:
                                                              • API String ID: 2905768538-0
                                                              • Opcode ID: 8fd6dc62b5e89e46a2a1633bf9019d36a146ad058f55b1bea0f3d1246f17ad51
                                                              • Instruction ID: 568ac0a9ca91409c5bbf5d6d2677b32bc5264857b94a7de2566e7d086bc31e1c
                                                              • Opcode Fuzzy Hash: 8fd6dc62b5e89e46a2a1633bf9019d36a146ad058f55b1bea0f3d1246f17ad51
                                                              • Instruction Fuzzy Hash: BCF08135B00211AFDB605B6AFA55D1937A0EFC4B2130A412EE41DD7750D7309C45FF92
                                                              APIs
                                                              • _free.LIBCMT ref: 6F819889
                                                                • Part of subcall function 6F8169EA: HeapFree.KERNEL32(00000000,00000000,?,6F819908,00000000,00000000,00000000,00000000,?,6F81992F,00000000,00000007,00000000,?,6F819335,00000000), ref: 6F816A00
                                                                • Part of subcall function 6F8169EA: GetLastError.KERNEL32(00000000,?,6F819908,00000000,00000000,00000000,00000000,?,6F81992F,00000000,00000007,00000000,?,6F819335,00000000,00000000), ref: 6F816A12
                                                              • _free.LIBCMT ref: 6F81989B
                                                              • _free.LIBCMT ref: 6F8198AD
                                                              • _free.LIBCMT ref: 6F8198BF
                                                              • _free.LIBCMT ref: 6F8198D1
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 8372a779321553ddb3626ea1a4823b027ba4b8122a0d9a86c3263fdbb004d3a8
                                                              • Instruction ID: 067a2274c32ffd3783e84ec431006ba2265e6436581c50ac36ff6e8f611ea5dc
                                                              • Opcode Fuzzy Hash: 8372a779321553ddb3626ea1a4823b027ba4b8122a0d9a86c3263fdbb004d3a8
                                                              • Instruction Fuzzy Hash: 05F0FF71A49705EF8A14DB6CE489CAA73DDFA057287504E96F85CDF548CB34FC9086E0
                                                              APIs
                                                              • _free.LIBCMT ref: 6F8543B4
                                                                • Part of subcall function 6F84E72A: HeapFree.KERNEL32(00000000,00000000,?,6F854433,00000008,00000000,00000008,00000000,?,6F85445A,00000008,00000007,00000008,?,6F852207,00000008), ref: 6F84E740
                                                                • Part of subcall function 6F84E72A: GetLastError.KERNEL32(00000008,?,6F854433,00000008,00000000,00000008,00000000,?,6F85445A,00000008,00000007,00000008,?,6F852207,00000008,00000008), ref: 6F84E752
                                                              • _free.LIBCMT ref: 6F8543C6
                                                              • _free.LIBCMT ref: 6F8543D8
                                                              • _free.LIBCMT ref: 6F8543EA
                                                              • _free.LIBCMT ref: 6F8543FC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 0bcaa0d7878a246a5ce594bbb59711a2acad97f7f12cbe8720532d317fc6d532
                                                              • Instruction ID: 818627a78791ad52ea47ba15ec6d249c3f15ec987961096d51d9b3ba9bfa83c2
                                                              • Opcode Fuzzy Hash: 0bcaa0d7878a246a5ce594bbb59711a2acad97f7f12cbe8720532d317fc6d532
                                                              • Instruction Fuzzy Hash: F3F0EC71545A08ABCA58DB68E5D1CA777EAFF416647502C86E05CDF580DB30FCB08694
                                                              APIs
                                                              • _free.LIBCMT ref: 6CF3F493
                                                                • Part of subcall function 6CF39945: HeapFree.KERNEL32(00000000,00000000,?,6CF3F512,?,00000000,?,00000000,?,6CF3F539,?,00000007,?,?,6CF3DA3C,?), ref: 6CF3995B
                                                                • Part of subcall function 6CF39945: GetLastError.KERNEL32(?,?,6CF3F512,?,00000000,?,00000000,?,6CF3F539,?,00000007,?,?,6CF3DA3C,?,?), ref: 6CF3996D
                                                              • _free.LIBCMT ref: 6CF3F4A5
                                                              • _free.LIBCMT ref: 6CF3F4B7
                                                              • _free.LIBCMT ref: 6CF3F4C9
                                                              • _free.LIBCMT ref: 6CF3F4DB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 5febdeadf3e1ee3a3d9f8bddd025250bd2595aab4c3559efc3b7443d0ecdec51
                                                              • Instruction ID: f354a79fc9f5569ca3f9b80fcdd933774ae6beb0c75bdb9a7dba4016b5255e6b
                                                              • Opcode Fuzzy Hash: 5febdeadf3e1ee3a3d9f8bddd025250bd2595aab4c3559efc3b7443d0ecdec51
                                                              • Instruction Fuzzy Hash: 06F04F32A12224BF8B91CAA4E084D5673F9EB513243A06849E51DD7E00CF31F88086E4
                                                              APIs
                                                              • GetAsyncKeyState.USER32(00000011), ref: 00F93264
                                                              • GetAsyncKeyState.USER32(00000010), ref: 00F93271
                                                              • GetAsyncKeyState.USER32(00000012), ref: 00F9327E
                                                              • GetAsyncKeyState.USER32(0000005B), ref: 00F9328B
                                                              • GetAsyncKeyState.USER32(0000005C), ref: 00F93299
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AsyncState
                                                              • String ID:
                                                              • API String ID: 425341421-0
                                                              • Opcode ID: d44fe5b9db02e33b6e1a8a54cd15185de613b0ccb98c744f448a34bdde3c4cb8
                                                              • Instruction ID: 4b0cef1673529f838ee712cf263126eb1bc1a20237822d298b1c7e4aee04746e
                                                              • Opcode Fuzzy Hash: d44fe5b9db02e33b6e1a8a54cd15185de613b0ccb98c744f448a34bdde3c4cb8
                                                              • Instruction Fuzzy Hash: DEF0EC72A51F0C5EF71467A5CD03B62B6D4EF44B51F060629D645C91D0DAD0FA11AE21
                                                              APIs
                                                              • GetDC.USER32(00000000), ref: 6F83602E
                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 6F83603D
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 6F836049
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F836055
                                                              • MulDiv.KERNEL32(00000003,?,00000060), ref: 6F836067
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CapsDevice$Release
                                                              • String ID:
                                                              • API String ID: 1035833867-0
                                                              • Opcode ID: 1a59297fbc7cf5ab1e9166b4c7ab45ea0e10bd62e4777c173290968d64e2a6bc
                                                              • Instruction ID: ba6ec099590e6d5fe1b5392c1883ed08a52c2bf7d0f89bda8a3317e96592f816
                                                              • Opcode Fuzzy Hash: 1a59297fbc7cf5ab1e9166b4c7ab45ea0e10bd62e4777c173290968d64e2a6bc
                                                              • Instruction Fuzzy Hash: AEF0E272640B05BFEF500BB4CC49F06BBA8BB26722F004061F3059A1D0CBB99470CBA0
                                                              APIs
                                                              • KillTimer.USER32(?,0000471A,?,?,6CF28E2C), ref: 6CF2ABA7
                                                              • WaitForSingleObject.KERNEL32(?,00000000,?,?,6CF28E2C), ref: 6CF2ABB7
                                                              • TerminateThread.KERNEL32(?,00000000,?,?,6CF28E2C), ref: 6CF2ABC9
                                                              • CloseHandle.KERNEL32(?,?,?,6CF28E2C,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF2ABD2
                                                              • PostMessageW.USER32(?,00000012,00000000,00000000), ref: 6CF2ABE8
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CloseHandleKillMessageObjectPostSingleTerminateThreadTimerWait
                                                              • String ID:
                                                              • API String ID: 3615916089-0
                                                              • Opcode ID: bf8c1d93d1f8b9cc4589f644304648160f7e233bedc19b521b09f727b034f82c
                                                              • Instruction ID: 65f8b2ca47a7d82cd4ae0d62cafe7cfd86e3f3115420c117057327788aa38d60
                                                              • Opcode Fuzzy Hash: bf8c1d93d1f8b9cc4589f644304648160f7e233bedc19b521b09f727b034f82c
                                                              • Instruction Fuzzy Hash: 2DF03030645B10ABEF602F54CD0AF857BB6AB15F0AF104415F356D54A2C7B5A410DA14
                                                              APIs
                                                              • _free.LIBCMT ref: 6F8167FD
                                                                • Part of subcall function 6F8169EA: HeapFree.KERNEL32(00000000,00000000,?,6F819908,00000000,00000000,00000000,00000000,?,6F81992F,00000000,00000007,00000000,?,6F819335,00000000), ref: 6F816A00
                                                                • Part of subcall function 6F8169EA: GetLastError.KERNEL32(00000000,?,6F819908,00000000,00000000,00000000,00000000,?,6F81992F,00000000,00000007,00000000,?,6F819335,00000000,00000000), ref: 6F816A12
                                                              • _free.LIBCMT ref: 6F81680F
                                                              • _free.LIBCMT ref: 6F816822
                                                              • _free.LIBCMT ref: 6F816833
                                                              • _free.LIBCMT ref: 6F816844
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: c1936bb69e636684e5f5804c20207a64f215ccb5febe0354413ca40e3c5c50e6
                                                              • Instruction ID: 35ae4ed9b19162c71e82cdfbdaaa0661d84c445ee5b5900f84bde73e65ac3f93
                                                              • Opcode Fuzzy Hash: c1936bb69e636684e5f5804c20207a64f215ccb5febe0354413ca40e3c5c50e6
                                                              • Instruction Fuzzy Hash: 65F03075D88B119B8E059F1CDA4580437A1FB077343159ACAF4655E2A8CF346871CAC4
                                                              APIs
                                                              • _free.LIBCMT ref: 6F84E46F
                                                                • Part of subcall function 6F84E72A: HeapFree.KERNEL32(00000000,00000000,?,6F854433,00000008,00000000,00000008,00000000,?,6F85445A,00000008,00000007,00000008,?,6F852207,00000008), ref: 6F84E740
                                                                • Part of subcall function 6F84E72A: GetLastError.KERNEL32(00000008,?,6F854433,00000008,00000000,00000008,00000000,?,6F85445A,00000008,00000007,00000008,?,6F852207,00000008,00000008), ref: 6F84E752
                                                              • _free.LIBCMT ref: 6F84E481
                                                              • _free.LIBCMT ref: 6F84E494
                                                              • _free.LIBCMT ref: 6F84E4A5
                                                              • _free.LIBCMT ref: 6F84E4B6
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 0362853045bc30bed77611c003b5cda6022fa6461baac2e0a243ef8b2d5b4f59
                                                              • Instruction ID: 68f781197eea0606b80d718dfb36264edb18e84218d632ed5ed4968eb179606d
                                                              • Opcode Fuzzy Hash: 0362853045bc30bed77611c003b5cda6022fa6461baac2e0a243ef8b2d5b4f59
                                                              • Instruction Fuzzy Hash: B3F0DA74454E39EFCE05DF28D8808253BA2FB1B67430129C6F4595A294D73129A1CBD6
                                                              APIs
                                                              • _free.LIBCMT ref: 6CF39726
                                                                • Part of subcall function 6CF39945: HeapFree.KERNEL32(00000000,00000000,?,6CF3F512,?,00000000,?,00000000,?,6CF3F539,?,00000007,?,?,6CF3DA3C,?), ref: 6CF3995B
                                                                • Part of subcall function 6CF39945: GetLastError.KERNEL32(?,?,6CF3F512,?,00000000,?,00000000,?,6CF3F539,?,00000007,?,?,6CF3DA3C,?,?), ref: 6CF3996D
                                                              • _free.LIBCMT ref: 6CF39738
                                                              • _free.LIBCMT ref: 6CF3974B
                                                              • _free.LIBCMT ref: 6CF3975C
                                                              • _free.LIBCMT ref: 6CF3976D
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              APIs
                                                              • _free.LIBCMT ref: 00FAC256
                                                                • Part of subcall function 00FAC6C9: HeapFree.KERNEL32(00000000,00000000,?,00FAFCD1,?,00000000,?,00000000,?,00FAFCF8,?,00000007,?,?,00FB013A,?), ref: 00FAC6DF
                                                                • Part of subcall function 00FAC6C9: GetLastError.KERNEL32(?,?,00FAFCD1,?,00000000,?,00000000,?,00FAFCF8,?,00000007,?,?,00FB013A,?,?), ref: 00FAC6F1
                                                              • _free.LIBCMT ref: 00FAC268
                                                              • _free.LIBCMT ref: 00FAC27B
                                                              • _free.LIBCMT ref: 00FAC28C
                                                              • _free.LIBCMT ref: 00FAC29D
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              APIs
                                                                • Part of subcall function 6CF21460: GetProcessHeap.KERNEL32 ref: 6CF21493
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF214BE
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF2153C
                                                                • Part of subcall function 6CF21800: __CxxThrowException@8.LIBVCRUNTIME ref: 6CF21812
                                                              • RegCloseKey.ADVAPI32(?), ref: 6CF27F6F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Init_thread_footer$CloseException@8HeapProcessThrow
                                                              • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography$d
                                                              • API String ID: 3544293243-3372617203
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #Hw/
                                                              • API String ID: 0-1770964375
                                                              APIs
                                                              • RegQueryValueExW.ADVAPI32(00000000,?,00000000,?,00000000,?,80000001,00000000,0002001F), ref: 00F8C6A0
                                                              • RegQueryValueExW.ADVAPI32(00000000,?,00000000,?,?,?), ref: 00F8C6CE
                                                              • RegCloseKey.ADVAPI32(00000000,80000001,00000000,0002001F), ref: 00F8C6F5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: QueryValue$Close
                                                              • String ID: #Hw/
                                                              • API String ID: 1979452859-1770964375
                                                              APIs
                                                              • GetTickCount.KERNEL32 ref: 00F8E0A5
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CountErrorException@8HeapLastProcessThrowTick
                                                              • String ID: #Hw/$%u%s%u%lld%u%lu$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                                              • API String ID: 353645576-937880189
                                                              APIs
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                              • SetWindowTextW.USER32(?,?), ref: 00F9B39F
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              Strings
                                                              • [[screenshot_app.options.system_proxy_not_set]], xrefs: 00F9B342
                                                              • #Hw/, xrefs: 00F9B2B7
                                                              • not set (direct connection), xrefs: 00F9B331
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorException@8HeapLastProcessTextThrowWindow
                                                              • String ID: #Hw/$[[screenshot_app.options.system_proxy_not_set]]$not set (direct connection)
                                                              • API String ID: 1332947878-1919478294
                                                              APIs
                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe,00000104), ref: 6F815E6A
                                                              • _free.LIBCMT ref: 6F815F35
                                                              • _free.LIBCMT ref: 6F815F3F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$FileModuleName
                                                              • String ID: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
                                                              • API String ID: 2506810119-1573542021
                                                              APIs
                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe,00000104), ref: 6F84DB0A
                                                              • _free.LIBCMT ref: 6F84DBD5
                                                              • _free.LIBCMT ref: 6F84DBDF
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$FileModuleName
                                                              • String ID: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
                                                              • API String ID: 2506810119-1573542021
                                                              APIs
                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe,00000104), ref: 6CF38DC4
                                                              • _free.LIBCMT ref: 6CF38E8F
                                                              • _free.LIBCMT ref: 6CF38E99
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$FileModuleName
                                                              • String ID: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
                                                              • API String ID: 2506810119-1573542021
                                                              APIs
                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe,00000104), ref: 00FAB8DB
                                                              • _free.LIBCMT ref: 00FAB9A6
                                                              • _free.LIBCMT ref: 00FAB9B0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _free$FileModuleName
                                                              • String ID: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
                                                              • API String ID: 2506810119-1573542021
                                                              APIs
                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000D55,00000000,00000000,?,00000000,?,?,00FB38BF,?,00000000,?), ref: 00FB3613
                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00FB38BF,?,00000000,?,00000000,00000000,?,00000000), ref: 00FB3641
                                                              • GetLastError.KERNEL32(?,00FB38BF,?,00000000,?,00000000,00000000,?,00000000), ref: 00FB3672
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharErrorFileLastMultiWideWrite
                                                              • String ID: #Hw/
                                                              • API String ID: 2456169464-1770964375
                                                              • Opcode ID: e355975a9ef1b0414e1480f8e2b3b65fb3a95d0f0dc9fe0d2cfdd134000dc5cf
                                                              • Instruction ID: 8f640d1078d9260d17c9178b397ccc89500fba57346399a984de75fdbb67b401
                                                              • Opcode Fuzzy Hash: e355975a9ef1b0414e1480f8e2b3b65fb3a95d0f0dc9fe0d2cfdd134000dc5cf
                                                              • Instruction Fuzzy Hash: 033161B1A00219AFDB24CF59DC91AEAB7B9EF08315F4444ADE90AD7350D730AE80DF60
                                                              APIs
                                                                • Part of subcall function 6CF268D0: SetLastError.KERNEL32(00000000), ref: 6CF26939
                                                                • Part of subcall function 6CF268D0: GetModuleFileNameW.KERNEL32(6CF20000,00000010,000007D0), ref: 6CF2696A
                                                                • Part of subcall function 6CF268D0: GetLastError.KERNEL32 ref: 6CF2697A
                                                                • Part of subcall function 6CF268D0: GetModuleFileNameW.KERNEL32(00000000,00000010,00002710), ref: 6CF269B9
                                                                • Part of subcall function 6CF268D0: GetLastError.KERNEL32 ref: 6CF269CA
                                                              • _wcsrchr.LIBVCRUNTIME ref: 6CF26DC4
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$FileModuleName$_wcsrchr
                                                              • String ID: Lightshot.exe$firefox.exe$plugin-container.exe
                                                              • API String ID: 1714886276-4122283537
                                                              • Opcode ID: 742dd14bfc46e59f141e9cfb9f2c86578105f0f160bebb770c11203e8e06a393
                                                              • Instruction ID: d86bca1bab39c0b34566d6b1d53665b5757edd789dc8185aec067ded573d5306
                                                              • Opcode Fuzzy Hash: 742dd14bfc46e59f141e9cfb9f2c86578105f0f160bebb770c11203e8e06a393
                                                              • Instruction Fuzzy Hash: 8531AE31A015199BDB04DFF8CC59BAEBBA4EF05329F508719F421E7AC0DB7999098B90
                                                              APIs
                                                                • Part of subcall function 6CF2E6F0: new.LIBCMT ref: 6CF2E7FE
                                                              • SendMessageW.USER32(?,00000467,?,?), ref: 6CF2EF95
                                                                • Part of subcall function 6CF22E40: EnterCriticalSection.KERNEL32(6CF53820,C3D2D3B7), ref: 6CF22E74
                                                                • Part of subcall function 6CF22E40: LeaveCriticalSection.KERNEL32(6CF53820), ref: 6CF22EE1
                                                                • Part of subcall function 6CF22E40: SetEvent.KERNEL32 ref: 6CF22EED
                                                              • SendMessageW.USER32(?,00000468,00000000,00000000), ref: 6CF2EF28
                                                              • PostMessageW.USER32(?,00000469,00000000,00000000), ref: 6CF2EFAB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Message$CriticalSectionSend$EnterEventLeavePost
                                                              • String ID: total_upload_fail
                                                              • API String ID: 922074648-1200134184
                                                              • Opcode ID: 8ec76f8c52fbad9ef841285dafdf495b8dce49f5771c4ffa847b05b3e514c31b
                                                              • Instruction ID: e48c168b4ae3ec8a67e412c1b2c3daa9b6cf85d464f6d214ad33482ff6ba50b8
                                                              • Opcode Fuzzy Hash: 8ec76f8c52fbad9ef841285dafdf495b8dce49f5771c4ffa847b05b3e514c31b
                                                              • Instruction Fuzzy Hash: D031C671A00609AFDB10DBB8CC04F9ABBB8EF41729F208719E425D7AD0D739E905CB90
                                                              APIs
                                                              • lstrlenW.KERNEL32(00F922C7,00000000,?,00F922C7,00000000), ref: 00F910C6
                                                              • IsWindow.USER32(?), ref: 00F9114D
                                                              • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 00F91163
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MessageSendWindowlstrlen
                                                              • String ID: #Hw/
                                                              • API String ID: 1805508699-1770964375
                                                              • Opcode ID: a2d2a06de988ab56c486bcf01c5e819854fa41468265978693f11434ca098a73
                                                              • Instruction ID: 7ce1856062350f0c1458abd477de52c3e2005204dc20f81db01d9ccfb3085d49
                                                              • Opcode Fuzzy Hash: a2d2a06de988ab56c486bcf01c5e819854fa41468265978693f11434ca098a73
                                                              • Instruction Fuzzy Hash: B131AFB2A04704AFDB20AF19DC45B5BBBE8FB49760F00462AF506976A0D735A9009B55
                                                              APIs
                                                              • GetDlgItem.USER32(?,000003EA), ref: 6CF2AC71
                                                                • Part of subcall function 6CF21460: GetProcessHeap.KERNEL32 ref: 6CF21493
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF214BE
                                                                • Part of subcall function 6CF21460: __Init_thread_footer.LIBCMT ref: 6CF2153C
                                                              • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 6CF2ACCA
                                                              • PostMessageW.USER32(?,00000012,00000000,00000000), ref: 6CF2ACF3
                                                                • Part of subcall function 6CF21800: __CxxThrowException@8.LIBVCRUNTIME ref: 6CF21812
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Init_thread_footer$Exception@8ExecuteHeapItemMessagePostProcessShellThrow
                                                              • String ID: open
                                                              • API String ID: 2876960732-2758837156
                                                              • Opcode ID: 9654093866e1da87ee01d7d208a8683a24f8017f58fe6510294d467a037954f8
                                                              • Instruction ID: e435fe3132b3c37e3f748cea234114cf9a9d3123fb1742e2bd8a4d82d44b1e6f
                                                              • Opcode Fuzzy Hash: 9654093866e1da87ee01d7d208a8683a24f8017f58fe6510294d467a037954f8
                                                              • Instruction Fuzzy Hash: E3318931A00609ABDB10DBA8CC45F9EBBB4FF05725F108229A415AB6D0EB34A904CB90
                                                              APIs
                                                              • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 6CF2A795
                                                              • PostMessageW.USER32(00000001,00000012,00000000,00000000), ref: 6CF2A7BE
                                                              Strings
                                                              • https://www.google.com/searchbyimage?image_url=, xrefs: 6CF2A764
                                                              • open, xrefs: 6CF2A78E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ExecuteMessagePostShell
                                                              • String ID: https://www.google.com/searchbyimage?image_url=$open
                                                              • API String ID: 2650313982-1789525184
                                                              • Opcode ID: e0e6d67ca5eaf4c530a9ec59cf75898b35ca5a41f29fbbacb5a045c80e67db83
                                                              • Instruction ID: 8dccabdfaaa3e14ea20112bda01628b6edbc3144665d1cfaf3294e6fcf95e7b6
                                                              • Opcode Fuzzy Hash: e0e6d67ca5eaf4c530a9ec59cf75898b35ca5a41f29fbbacb5a045c80e67db83
                                                              • Instruction Fuzzy Hash: 88319C31A00609ABD710DF98CC44B8AFBB8FF45725F108269B815EB6D1EB75AD09CB90
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(?,77E44823,?,?,?,80004005), ref: 00F88515
                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,80004005), ref: 00F88577
                                                              • SetEvent.KERNEL32(?,?,?,?,80004005), ref: 00F88580
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterEventLeave
                                                              • String ID: #Hw/
                                                              • API String ID: 3094578987-1770964375
                                                              • Opcode ID: bd2688418fe81d0c3a1d2d179c7c29899ee703908a0c07661aebbde1c31cb4aa
                                                              • Instruction ID: e91906411d98aac79710f577e637c7c446d4c4572127f59f947df0aba3cf34b5
                                                              • Opcode Fuzzy Hash: bd2688418fe81d0c3a1d2d179c7c29899ee703908a0c07661aebbde1c31cb4aa
                                                              • Instruction Fuzzy Hash: 4631F9B5900609DFCB10DF68C984A9ABBF8FF08760F14466AE825DB395E734E910DF91
                                                              APIs
                                                              • MonitorFromPoint.USER32(?,00000000,00000000), ref: 6F8404CA
                                                              • MonitorFromPoint.USER32(?,00000000,00000002), ref: 6F8404D8
                                                              • GetMonitorInfoW.USER32(00000000,00000028), ref: 6F84050B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Monitor$FromPoint$Info
                                                              • String ID: (
                                                              • API String ID: 1942056148-3887548279
                                                              • Opcode ID: f45f40260d06dfc579ea506064962b6a543d0517646f20d501b7c1db15546ce2
                                                              • Instruction ID: 931032b658ea38edbd4abd3801cbfe83e5c0b3528de7460eb87052fe8eb236c5
                                                              • Opcode Fuzzy Hash: f45f40260d06dfc579ea506064962b6a543d0517646f20d501b7c1db15546ce2
                                                              • Instruction Fuzzy Hash: A5112E71E052199BDF089FA998459EFBBB4FF49710F0144AEE429B7340D7349900CFA9
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,?,80070216,?,?,?), ref: 6F833CF0
                                                              • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 6F833D00
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressHandleModuleProc
                                                              • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                              • API String ID: 1646373207-2994018265
                                                              • Opcode ID: 18013ada541ed14e25698ef7aa0127af9c3af94cefa06cd7c2f6c088d3a8b2d9
                                                              • Instruction ID: 4fb017716c5cf601728f4e0568af795ef09a5795a23100b360bfb6e8481253a9
                                                              • Opcode Fuzzy Hash: 18013ada541ed14e25698ef7aa0127af9c3af94cefa06cd7c2f6c088d3a8b2d9
                                                              • Instruction Fuzzy Hash: 2F014B72140328EBEF214F91DC09BD67BA8AB08755F104596FA54AD2E1C3BAA4A0DBD4
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,6CF2569D,80000001,?,?,?,00000000,80000001,?,80000001), ref: 6CF255D0
                                                              • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 6CF255E0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressHandleModuleProc
                                                              • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                              • API String ID: 1646373207-2994018265
                                                              • Opcode ID: 5a5bc43cf19da7389318b1288da7e37d8652ddc16d0d1110b41af10a44892a73
                                                              • Instruction ID: d85873f9c221945280a089f927b70a67358db0acb7499a6e1e9c42eafb43a859
                                                              • Opcode Fuzzy Hash: 5a5bc43cf19da7389318b1288da7e37d8652ddc16d0d1110b41af10a44892a73
                                                              • Instruction Fuzzy Hash: 62016D71250318BBEF205F94DC04FDA7FB4AB04B59F108415FA19AA5C2C7BED4A0DB94
                                                              APIs
                                                              • DeleteObject.GDI32(00000000), ref: 6F8368CC
                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000004,00000000,Calibri), ref: 6F836903
                                                              • SendMessageW.USER32(00000001,00000030,00000000,00000001), ref: 6F83691A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateDeleteFontMessageObjectSend
                                                              • String ID: Calibri
                                                              • API String ID: 2276220627-1409258342
                                                              • Opcode ID: 9b329dd731f7cb465aad14a2c85290660072d5b323cdfc9265b8e62b11821b90
                                                              • Instruction ID: 2217eeb6e13c4e9667ecbf07becb7e1f170dd29b123cea25bdefd2ecef1e6f0c
                                                              • Opcode Fuzzy Hash: 9b329dd731f7cb465aad14a2c85290660072d5b323cdfc9265b8e62b11821b90
                                                              • Instruction Fuzzy Hash: BBF05E307A0710BBFE748A648D46F9676A4BB05F11F100959BB12BE9D0C3F4F410C758
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: __alldvrm$_strrchr
                                                              • String ID:
                                                              • API String ID: 1036877536-0
                                                              • Opcode ID: d207df5628abc130816c0b8e02a307a45c0da4afe905cd74140554076462d13c
                                                              • Instruction ID: bf326da19dad9290ec4dbfaf72b49426ddfb0f55f600d137bb612dfcdd9211fc
                                                              • Opcode Fuzzy Hash: d207df5628abc130816c0b8e02a307a45c0da4afe905cd74140554076462d13c
                                                              • Instruction Fuzzy Hash: DDA1597190478EAFE705CF68C8A1BAEBBE4EF22354F1449EED5849F280D3349941C761
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: __alldvrm$_strrchr
                                                              • String ID:
                                                              • API String ID: 1036877536-0
                                                              • Opcode ID: d6fae729f4e506d89b4f557a3b8be1b09f66daf3e34dfb8f7ab18843237c2faa
                                                              • Instruction ID: aa672fbd1ab25604a8042d16856f731d7c95a3f1696b6d5171176d90f0d290fb
                                                              • Opcode Fuzzy Hash: d6fae729f4e506d89b4f557a3b8be1b09f66daf3e34dfb8f7ab18843237c2faa
                                                              • Instruction Fuzzy Hash: 45A17BB2904766AFEB11CFA9C8A07AEBFE1EF51314F14456DD4989BB81C3388945C7E0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: __alldvrm$_strrchr
                                                              • String ID:
                                                              • API String ID: 1036877536-0
                                                              • Opcode ID: 5893bc81264e6c371b6993be3679bfcb9ca80e82bfeefb03239dc1a989a16dab
                                                              • Instruction ID: 736319a572af4cb6a56beda091b2e42cad4ed80f5bdfe6a574d8083fc5932dfd
                                                              • Opcode Fuzzy Hash: 5893bc81264e6c371b6993be3679bfcb9ca80e82bfeefb03239dc1a989a16dab
                                                              • Instruction Fuzzy Hash: 4FA18AB2D013469FEB21CF68C8917AEBBE4EF57320F14416DE8869B681C238DD41EB51
                                                              APIs
                                                              • RegQueryValueExW.ADVAPI32(00000000,?,00000000,?,00000000,6F85FC68,?,80000001,00000000,0002001F), ref: 6F8340BE
                                                              • RegCloseKey.ADVAPI32(00000000,?,80070057,00000010,?), ref: 6F834171
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 6F8341D8
                                                              • RegCloseKey.ADVAPI32(00000000,?,80000001,00000000,0002001F), ref: 6F8341FF
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Close$QueryValue
                                                              • String ID:
                                                              • API String ID: 2393043351-0
                                                              • Opcode ID: 08f03bc4b18d8d48e4daad6c6d9dd88dc94cd81ae674cd70e86d19201e9da54e
                                                              • Instruction ID: cba217f8f47da537d56dfe9036faa6d2168831a0e2ba7ba8ba10108cddffc97a
                                                              • Opcode Fuzzy Hash: 08f03bc4b18d8d48e4daad6c6d9dd88dc94cd81ae674cd70e86d19201e9da54e
                                                              • Instruction Fuzzy Hash: 43A18D71E00619DBDB00CFA8C844B9EFBF4FF95314F1486A9E415EB2A1EB35A905CB90
                                                              APIs
                                                              • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,?,00000000,?,80000001,00000000,0002001F), ref: 6CF25CB1
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 6CF25CC6
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 6CF25CD7
                                                              • RegCloseKey.ADVAPI32(00000000,80000001,00000000,0002001F), ref: 6CF25CE0
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Close$QueryValue
                                                              • String ID:
                                                              • API String ID: 2393043351-0
                                                              • Opcode ID: d7cff229e955eb2e130c8c1effd638da4975b7b6b5f76f78a2a1bc5bce9bb278
                                                              • Instruction ID: 4aa9d234c2443bc9aec9588e834da54d2883d0a4e85e2b55055a5783ee9b7c47
                                                              • Opcode Fuzzy Hash: d7cff229e955eb2e130c8c1effd638da4975b7b6b5f76f78a2a1bc5bce9bb278
                                                              • Instruction Fuzzy Hash: F3518071A015099BD701CFA8C844B9EFBB8EF45328F24C259E815EB795E738DE05CBA1
                                                              APIs
                                                              • RegQueryValueExW.ADVAPI32(00000000,6F85FC68,00000000,000000FF,00000000,?,80000001,00000000,0002001F), ref: 6F8343AC
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 6F8343C1
                                                              • RegCloseKey.ADVAPI32(00000000), ref: 6F8343D2
                                                              • RegCloseKey.ADVAPI32(00000000,80000001,00000000,0002001F), ref: 6F8343DB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Close$QueryValue
                                                              • String ID:
                                                              • API String ID: 2393043351-0
                                                              • Opcode ID: cf9f17b98875c89073d360279f8ab030bc6400f575b00f25ae72bc85e1b107fe
                                                              • Instruction ID: fece6c460055b5d0b90026000be7fd7382ee80a630b03d16cf04abd7fd364d66
                                                              • Opcode Fuzzy Hash: cf9f17b98875c89073d360279f8ab030bc6400f575b00f25ae72bc85e1b107fe
                                                              • Instruction Fuzzy Hash: CB519272901619DBDB01CFA8C844B9EF7B8FF45324F148299E814EB2A1D775A905CBE0
                                                              APIs
                                                              • WaitForSingleObject.KERNEL32(000000FF,000000FF,C3D2D3B7), ref: 6CF22CD5
                                                              • EnterCriticalSection.KERNEL32(?), ref: 6CF22D04
                                                              • ResetEvent.KERNEL32(?), ref: 6CF22D13
                                                              • LeaveCriticalSection.KERNEL32(?,00000000), ref: 6CF22DA2
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterEventLeaveObjectResetSingleWait
                                                              • String ID:
                                                              • API String ID: 1557531055-0
                                                              • Opcode ID: 3bc715b46c8db6d7217fdaeeb761d5b587d8745197932b5b8ce07e110e555651
                                                              • Instruction ID: a6e999e82800f4367227cc390fb7ea5092c66978486cde3ba46a931c6e74e660
                                                              • Opcode Fuzzy Hash: 3bc715b46c8db6d7217fdaeeb761d5b587d8745197932b5b8ce07e110e555651
                                                              • Instruction Fuzzy Hash: DA517670910609DFDB04DFA8C848B9EB7B8FF05338F108659E411A7695DB79A945CFA0
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,00000100,6F8187A7,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 6F819A47
                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6F819AD0
                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6F819AE2
                                                              • __freea.LIBCMT ref: 6F819AEB
                                                                • Part of subcall function 6F816A24: HeapAlloc.KERNEL32(00000000,00000000,?,?,6F8113C0,00000009,00000000,80004005,00000000,6F8112B1), ref: 6F816A56
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                              • String ID:
                                                              • API String ID: 573072132-0
                                                              • Opcode ID: a9dc4ccb65e41efaa5ac81d66ae7e05d6c0e463166c39c5567c5c68404f4d3ad
                                                              • Instruction ID: 87e6495ddfe98cac3ab52b4d6335d417a48a261d8b43e53e554b0c202fe8fa46
                                                              • Opcode Fuzzy Hash: a9dc4ccb65e41efaa5ac81d66ae7e05d6c0e463166c39c5567c5c68404f4d3ad
                                                              • Instruction Fuzzy Hash: C631BF72A0021BABDF18CF68CC51DEE7BA5EF41310F044BA9EC15DA184E735E954CBA0
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(?,00000000,99E85006,6F84C648,00000000,00000000,6F84CFA6,0000001D,6F84CFA6,?,00000001,6F84C648,99E85006,00000001,6F84CFA6,6F84CFA6), ref: 6F854572
                                                              • __alloca_probe_16.LIBCMT ref: 6F8545AA
                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6F8545FB
                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6F85460D
                                                                • Part of subcall function 6F84E764: HeapAlloc.KERNEL32(00000000,00000004,?,?,6F8488B6,00000004,?,6F839E88,000003AC,?,?,?,?,?,6F836FC5), ref: 6F84E796
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16
                                                              • String ID:
                                                              • API String ID: 3256798667-0
                                                              • Opcode ID: e81a8e149012d8f20c26a999736e3a557133e6182e70e57c293c173d79c13ead
                                                              • Instruction ID: b853662386a2b785396035ede4a7aac83466e41bd7f21636efd82b7e2447c26f
                                                              • Opcode Fuzzy Hash: e81a8e149012d8f20c26a999736e3a557133e6182e70e57c293c173d79c13ead
                                                              • Instruction Fuzzy Hash: C031B272A0020AABEF188FA8CC54EEE7BA5FF41754F0005A9EC14DB180EB35D974CB90
                                                              APIs
                                                              • GdipDrawLinesI.GDIPLUS(?,?,?,?), ref: 6F84062D
                                                              • GdipCreateSolidFill.GDIPLUS(?,?), ref: 6F840671
                                                              • GdipFillEllipse.GDIPLUS(?,00000000), ref: 6F8406E5
                                                              • GdipDeleteBrush.GDIPLUS(00000000), ref: 6F8406F3
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$Fill$BrushCreateDeleteDrawEllipseLinesSolid
                                                              • String ID:
                                                              • API String ID: 3959548161-0
                                                              • Opcode ID: e88d64446252d2d9bfc1fd3ab5d011724990f5c8d8a41b668251df3b7ac491b0
                                                              • Instruction ID: 8241bfa1a3a3e50507f490d1db741c76cfb47dee8bd51ebecc9afab02062b41e
                                                              • Opcode Fuzzy Hash: e88d64446252d2d9bfc1fd3ab5d011724990f5c8d8a41b668251df3b7ac491b0
                                                              • Instruction Fuzzy Hash: 0A413831900609EFCB24CFA9D5888AEBFF0FF45311B114A89E496A7684D735E570DF51
                                                              APIs
                                                                • Part of subcall function 6F837E90: UnionRect.USER32(?,?,00000000), ref: 6F837EF8
                                                              • IsRectEmpty.USER32(?), ref: 6F83E39A
                                                              • InflateRect.USER32(?,00000064,00000064), ref: 6F83E3AC
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83E3BB
                                                              • RedrawWindow.USER32(?,00000000,00000000,000001A1), ref: 6F83E40C
                                                                • Part of subcall function 6F847AC0: IsWindow.USER32(?), ref: 6F847ADE
                                                                • Part of subcall function 6F847AC0: GetWindowRect.USER32(?), ref: 6F847B26
                                                                • Part of subcall function 6F847AC0: ScreenToClient.USER32(00000002,00000000), ref: 6F847B37
                                                                • Part of subcall function 6F847AC0: ScreenToClient.USER32(00000002,?), ref: 6F847B49
                                                                • Part of subcall function 6F847AC0: SendMessageW.USER32(?,000000B2,00000000,?), ref: 6F847B6E
                                                                • Part of subcall function 6F847AC0: OffsetRect.USER32(?,00000000,00000000), ref: 6F847B7B
                                                                • Part of subcall function 6F847AC0: ShowWindow.USER32(?,00000000,?,?,?), ref: 6F847B89
                                                                • Part of subcall function 6F847AC0: DestroyWindow.USER32(?,?,?,?), ref: 6F847B95
                                                                • Part of subcall function 6F847AC0: SetFocus.USER32(00000000,?,?,?), ref: 6F847BAB
                                                                • Part of subcall function 6F847AC0: CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000004,00000000,Calibri), ref: 6F847BD7
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Rect$Window$ClientScreen$CreateDestroyEmptyFocusFontInflateInvalidateMessageOffsetRedrawSendShowUnion
                                                              • String ID:
                                                              • API String ID: 1430955827-0
                                                              • Opcode ID: 9bb2ddcd4dce86a10446bacd04f12b858ce07474d7425a6ccc79d29a7155130c
                                                              • Instruction ID: d9fef6072a11c46ef2f8f0d66815d49030fe87b7b1c60c244293c05619ef7ee3
                                                              • Opcode Fuzzy Hash: 9bb2ddcd4dce86a10446bacd04f12b858ce07474d7425a6ccc79d29a7155130c
                                                              • Instruction Fuzzy Hash: 20314F31A05709EFDB14CBA8C884BDEB7F5AF09314F10089AE5599B290DB75B914CBA1
                                                              APIs
                                                                • Part of subcall function 6F833E10: GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00000000,?,?,?,6F834342,80000001,00000000), ref: 6F833E34
                                                                • Part of subcall function 6F833E10: RegCloseKey.ADVAPI32(00000000,?,6F834342,80000001,00000000), ref: 6F833E97
                                                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 6F845213
                                                              • RegCloseKey.ADVAPI32(?), ref: 6F845262
                                                                • Part of subcall function 6F845190: RegEnumKeyExW.ADVAPI32(?,00000000,?,00000100,00000000,00000000,00000000,00000000), ref: 6F845253
                                                              • RegCloseKey.ADVAPI32(?), ref: 6F845290
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Close$Enum$HandleModule
                                                              • String ID:
                                                              • API String ID: 2852649468-0
                                                              • Opcode ID: 9502fe96208f89352f81abdac033b863922c4d9a9a3b5b91695e57271e75cf56
                                                              • Instruction ID: e2dc54845064fbcc3a36d5a31167a4cd8ee6f0897883ed09488e1a78208d1165
                                                              • Opcode Fuzzy Hash: 9502fe96208f89352f81abdac033b863922c4d9a9a3b5b91695e57271e75cf56
                                                              • Instruction Fuzzy Hash: 85310B71509319ABD710DF55CC44B9BBBE8EF893A4F00495EF8989B250D734E918CBE2
                                                              APIs
                                                                • Part of subcall function 6CF256F0: GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,00000001,?,?,6CF258F0,80000001,00000000), ref: 6CF25714
                                                                • Part of subcall function 6CF256F0: RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,6CF258F0,80000001,00000000), ref: 6CF25777
                                                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 6CF2B5D3
                                                              • RegCloseKey.ADVAPI32(?), ref: 6CF2B622
                                                                • Part of subcall function 6CF2B550: RegEnumKeyExW.ADVAPI32(?,00000000,?,00000100,00000000,00000000,00000000,00000000), ref: 6CF2B613
                                                              • RegCloseKey.ADVAPI32(?), ref: 6CF2B650
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Close$Enum$HandleModule
                                                              • String ID:
                                                              • API String ID: 2852649468-0
                                                              • Opcode ID: a6c3648cb1434c20a1790597652116f71f804c60bc3fcb4d904d63213ec0c80a
                                                              • Instruction ID: 62254cf9286abd1ea4e89a1ea018c22641f72d141b48181d52dd94fc61a30cb2
                                                              • Opcode Fuzzy Hash: a6c3648cb1434c20a1790597652116f71f804c60bc3fcb4d904d63213ec0c80a
                                                              • Instruction Fuzzy Hash: 273107B1509315ABD720DF55C844F9BBBF8EF893A8F004A1DF89996250D735DA08CBE2
                                                              APIs
                                                              • MoveWindow.USER32(00000000,?,6F840C4A,00000000,8007000E,00000001,8007000E,00000000,?,?,6F840C4A,00000000), ref: 6F844246
                                                              • MoveWindow.USER32(00000000,00000000,00000000,00000000,8007000E,00000001,?,6F840C4A,00000000,8007000E,00000001,8007000E,00000000,?,?,6F840C4A), ref: 6F84426E
                                                              • MoveWindow.USER32(?,00000000,00000000,00000000,8007000E,00000001,?,6F840C4A,00000000,8007000E,00000001,8007000E,00000000,?,?,6F840C4A), ref: 6F844296
                                                              • MoveWindow.USER32(?,00000000,00000000,00000000,8007000E,00000001,?,6F840C4A,00000000,8007000E,00000001,8007000E,00000000,?,?,6F840C4A), ref: 6F8442BD
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: MoveWindow
                                                              • String ID:
                                                              • API String ID: 2234453006-0
                                                              • Opcode ID: 934f59b50112dc215d865e8547d733dcb676d42fe444323914bd16300781a6db
                                                              • Instruction ID: 1273e6e3bef89cb050d7756d43750d4b6ba751609ecd70e83d6b682ce315c824
                                                              • Opcode Fuzzy Hash: 934f59b50112dc215d865e8547d733dcb676d42fe444323914bd16300781a6db
                                                              • Instruction Fuzzy Hash: 43310871200204AFDF06DF18C8D1DA57FA9FF4A71471502AAED498F26AE772E825DB80
                                                              APIs
                                                              • GdipSetSmoothingMode.GDIPLUS(?,00000004,?,?,00000000,?,?,6F83BDA0,?,00000000), ref: 6F837DB5
                                                              • GetCursorPos.USER32(00000000), ref: 6F837E10
                                                              • ScreenToClient.USER32(?,00000000), ref: 6F837E20
                                                              • GdipDrawEllipseI.GDIPLUS(?,?,00000000,00000000,00000000,00000000,?,?,6F83BDA0,?), ref: 6F837E70
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$ClientCursorDrawEllipseModeScreenSmoothing
                                                              • String ID:
                                                              • API String ID: 2348965065-0
                                                              • Opcode ID: ea34e561683c60df17985781513353833d5ad5cb25ef6a0b8c448f63373e349f
                                                              • Instruction ID: d624325f5774852a6b51f9f02f8a8fa7e293fff490a7db70b476ff0b099900fd
                                                              • Opcode Fuzzy Hash: ea34e561683c60df17985781513353833d5ad5cb25ef6a0b8c448f63373e349f
                                                              • Instruction Fuzzy Hash: E2318032904615EBCB10DFA5C888BAEBFB8FF44710F5184D5E915AB264CB35E860CBD0
                                                              APIs
                                                              • SetWindowPos.USER32(00000001,00000000,?,?,00000000,00000000,00000005), ref: 6F8478CB
                                                              • SetWindowTextW.USER32(00000001,6F85FC68), ref: 6F8478DC
                                                                • Part of subcall function 6F8366C0: GetWindowRect.USER32(?,?), ref: 6F836703
                                                                • Part of subcall function 6F8366C0: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000006,?,6F85FC68,?,?,?), ref: 6F836788
                                                              • ShowWindow.USER32(00000001,00000005), ref: 6F847938
                                                              • SetFocus.USER32(00000001), ref: 6F847944
                                                                • Part of subcall function 6F8368C0: DeleteObject.GDI32(00000000), ref: 6F8368CC
                                                                • Part of subcall function 6F8368C0: CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000004,00000000,Calibri), ref: 6F836903
                                                                • Part of subcall function 6F8368C0: SendMessageW.USER32(00000001,00000030,00000000,00000001), ref: 6F83691A
                                                                • Part of subcall function 6F8367A0: DeleteObject.GDI32(00000000), ref: 6F8367C1
                                                                • Part of subcall function 6F8367A0: GetWindowDC.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6F8367DA
                                                                • Part of subcall function 6F8367A0: GetDeviceCaps.GDI32(00000000,0000000C), ref: 6F8367E1
                                                                • Part of subcall function 6F8367A0: ReleaseDC.USER32(00000000,00000000), ref: 6F8367EC
                                                                • Part of subcall function 6F8367A0: CreateBitmap.GDI32(00000001,?,00000001,00000000,00000000), ref: 6F8367FF
                                                                • Part of subcall function 6F8367A0: GetWindowDC.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6F83680A
                                                                • Part of subcall function 6F8367A0: CreateCompatibleDC.GDI32(00000000), ref: 6F836810
                                                                • Part of subcall function 6F8367A0: SelectObject.GDI32(00000000,00000000), ref: 6F83681F
                                                                • Part of subcall function 6F8367A0: CreateSolidBrush.GDI32(00808080), ref: 6F83682D
                                                                • Part of subcall function 6F8367A0: FillRect.USER32(00000000,00000000,00000000), ref: 6F836856
                                                                • Part of subcall function 6F8367A0: CreateCaret.USER32(?,00000000,00000000,00000000), ref: 6F83686B
                                                                • Part of subcall function 6F8367A0: ShowCaret.USER32(?), ref: 6F836874
                                                                • Part of subcall function 6F8367A0: SelectObject.GDI32(00000000,?), ref: 6F83687E
                                                                • Part of subcall function 6F8367A0: DeleteObject.GDI32(00000000), ref: 6F836889
                                                                • Part of subcall function 6F8367A0: DeleteDC.GDI32(00000000), ref: 6F836894
                                                                • Part of subcall function 6F8367A0: ReleaseDC.USER32(00000000,00000000), ref: 6F83689F
                                                                • Part of subcall function 6F8369D0: GetWindowDC.USER32(00000000,6EB740BD,?), ref: 6F836A0D
                                                                • Part of subcall function 6F8369D0: SendMessageW.USER32(00000000,000000B2,00000000,?), ref: 6F836A8D
                                                                • Part of subcall function 6F8369D0: CreateCompatibleDC.GDI32(00000000), ref: 6F836A94
                                                                • Part of subcall function 6F8369D0: SelectObject.GDI32(00000000,?), ref: 6F836AA3
                                                                • Part of subcall function 6F8369D0: DrawTextW.USER32(00000000,?,00000064,?,00000400), ref: 6F836AB7
                                                                • Part of subcall function 6F8369D0: DeleteDC.GDI32(00000000), ref: 6F836AC2
                                                                • Part of subcall function 6F8369D0: ReleaseDC.USER32(00000000,00000000), ref: 6F836ACB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$CreateObject$Delete$ReleaseSelect$CaretCompatibleMessageRectSendShowText$BitmapBrushCapsDeviceDrawFillFocusFontSolid
                                                              • String ID:
                                                              • API String ID: 2656210951-0
                                                              • Opcode ID: 21381136bec00577ea27969501f70fced440b5882d83f69de5dfb54ca0635841
                                                              • Instruction ID: ee5adec5a7f7a04c5204e593425ec94c2d8cada01b18abc9eecdfbc733caa08f
                                                              • Opcode Fuzzy Hash: 21381136bec00577ea27969501f70fced440b5882d83f69de5dfb54ca0635841
                                                              • Instruction Fuzzy Hash: 7F213A71A00B15AFCB04DF69C849A5ABBE5FF59710F004A99E8498B6A0DB30E865CBD1
                                                              APIs
                                                              • new.LIBCMT ref: 6F840E57
                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 6F840EC3
                                                                • Part of subcall function 6F8491AB: __CxxThrowException@8.LIBVCRUNTIME ref: 6F8491C2
                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 6F840EC8
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Concurrency::cancel_current_task$Exception@8Throw
                                                              • String ID:
                                                              • API String ID: 3339364867-0
                                                              • Opcode ID: 4ec746a46f8bd6169b732746724f6882b95b1d1aafcaf1059a9680241cb6195a
                                                              • Instruction ID: 41eeecdcba7a606aa8f67201dc862c7dd9973dbce86a6737004506450d4451e8
                                                              • Opcode Fuzzy Hash: 4ec746a46f8bd6169b732746724f6882b95b1d1aafcaf1059a9680241cb6195a
                                                              • Instruction Fuzzy Hash: E71103B3A0021CAFA708CF6CC980D5B7764EF583647154FA9E818DF294D771ED208BA2
                                                              APIs
                                                              • CreateRectRgnIndirect.GDI32(?), ref: 6F83525C
                                                              • CreateRectRgnIndirect.GDI32(?), ref: 6F835283
                                                              • CombineRgn.GDI32(00000000,00000000,00000000,00000002), ref: 6F83528C
                                                              • DeleteObject.GDI32(00000000), ref: 6F83529D
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateIndirectRect$CombineDeleteObject
                                                              • String ID:
                                                              • API String ID: 1025116262-0
                                                              • Opcode ID: 6ec10afaeaa5d24947d6fe5f8ce6b85dea4e620e4bb8ae06fb2a6056e8571ad7
                                                              • Instruction ID: 5c6cfca1597a2541019acac384f94655e5e50c3b5f2d47442756b8b2bbb48136
                                                              • Opcode Fuzzy Hash: 6ec10afaeaa5d24947d6fe5f8ce6b85dea4e620e4bb8ae06fb2a6056e8571ad7
                                                              • Instruction Fuzzy Hash: 56219272D047599FDF00CF99C884B9BBBB8EF55710F0005AAEA149B350D7746918CBE1
                                                              APIs
                                                              • UnionRect.USER32(00000000,00000000,00000000), ref: 6F83FA26
                                                              • IsRectEmpty.USER32(?), ref: 6F83FA48
                                                              • InflateRect.USER32(?,00000064,00000064), ref: 6F83FA5A
                                                              • InvalidateRect.USER32(?,?,00000000), ref: 6F83FA69
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Rect$EmptyInflateInvalidateUnion
                                                              • String ID:
                                                              • API String ID: 36160914-0
                                                              • Opcode ID: c40f3719ad999fb89afcf52aa30631bd4bb2e512fad04afecf8ab5b326722136
                                                              • Instruction ID: 03def56e626a8a7e513bdf20cde82b2446b91ea887c96343f94216d76070d844
                                                              • Opcode Fuzzy Hash: c40f3719ad999fb89afcf52aa30631bd4bb2e512fad04afecf8ab5b326722136
                                                              • Instruction Fuzzy Hash: FA21C6B5D01209AFDB04CFA4C944BEEBBF8FF09314F10859AE915A7250D775AA14CFA1
                                                              APIs
                                                              • new.LIBCMT ref: 6F837726
                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 6F837795
                                                                • Part of subcall function 6F8491AB: __CxxThrowException@8.LIBVCRUNTIME ref: 6F8491C2
                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 6F83779A
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Concurrency::cancel_current_task$Exception@8Throw
                                                              • String ID:
                                                              • API String ID: 3339364867-0
                                                              • Opcode ID: 0556b8460f0e2d9c6040eb9ec2307b3c002e5bcd5fd6a190a2506cb77f5debe4
                                                              • Instruction ID: 76b8589dad614a9fbd2f80bdb764af145036b1ab9baf9080a402383447a79fd6
                                                              • Opcode Fuzzy Hash: 0556b8460f0e2d9c6040eb9ec2307b3c002e5bcd5fd6a190a2506cb77f5debe4
                                                              • Instruction Fuzzy Hash: 621178B290461AEBD718CFACC880D5EB798EF05354B504B69EC18CB2A0E731F954CBD1
                                                              APIs
                                                              • SetWindowPos.USER32(00000001,00000000,?,?,00000000,00000000,00000005), ref: 6F8478CB
                                                              • SetWindowTextW.USER32(00000001,6F85FC68), ref: 6F8478DC
                                                                • Part of subcall function 6F8366C0: GetWindowRect.USER32(?,?), ref: 6F836703
                                                                • Part of subcall function 6F8366C0: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000006,?,6F85FC68,?,?,?), ref: 6F836788
                                                              • ShowWindow.USER32(00000001,00000005), ref: 6F847938
                                                              • SetFocus.USER32(00000001), ref: 6F847944
                                                                • Part of subcall function 6F8368C0: DeleteObject.GDI32(00000000), ref: 6F8368CC
                                                                • Part of subcall function 6F8368C0: CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000004,00000000,Calibri), ref: 6F836903
                                                                • Part of subcall function 6F8368C0: SendMessageW.USER32(00000001,00000030,00000000,00000001), ref: 6F83691A
                                                                • Part of subcall function 6F8367A0: DeleteObject.GDI32(00000000), ref: 6F8367C1
                                                                • Part of subcall function 6F8367A0: GetWindowDC.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6F8367DA
                                                                • Part of subcall function 6F8367A0: GetDeviceCaps.GDI32(00000000,0000000C), ref: 6F8367E1
                                                                • Part of subcall function 6F8367A0: ReleaseDC.USER32(00000000,00000000), ref: 6F8367EC
                                                                • Part of subcall function 6F8367A0: CreateBitmap.GDI32(00000001,?,00000001,00000000,00000000), ref: 6F8367FF
                                                                • Part of subcall function 6F8367A0: GetWindowDC.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6F83680A
                                                                • Part of subcall function 6F8367A0: CreateCompatibleDC.GDI32(00000000), ref: 6F836810
                                                                • Part of subcall function 6F8367A0: SelectObject.GDI32(00000000,00000000), ref: 6F83681F
                                                                • Part of subcall function 6F8367A0: CreateSolidBrush.GDI32(00808080), ref: 6F83682D
                                                                • Part of subcall function 6F8367A0: FillRect.USER32(00000000,00000000,00000000), ref: 6F836856
                                                                • Part of subcall function 6F8367A0: CreateCaret.USER32(?,00000000,00000000,00000000), ref: 6F83686B
                                                                • Part of subcall function 6F8367A0: ShowCaret.USER32(?), ref: 6F836874
                                                                • Part of subcall function 6F8367A0: SelectObject.GDI32(00000000,?), ref: 6F83687E
                                                                • Part of subcall function 6F8367A0: DeleteObject.GDI32(00000000), ref: 6F836889
                                                                • Part of subcall function 6F8367A0: DeleteDC.GDI32(00000000), ref: 6F836894
                                                                • Part of subcall function 6F8367A0: ReleaseDC.USER32(00000000,00000000), ref: 6F83689F
                                                                • Part of subcall function 6F8369D0: GetWindowDC.USER32(00000000,6EB740BD,?), ref: 6F836A0D
                                                                • Part of subcall function 6F8369D0: SendMessageW.USER32(00000000,000000B2,00000000,?), ref: 6F836A8D
                                                                • Part of subcall function 6F8369D0: CreateCompatibleDC.GDI32(00000000), ref: 6F836A94
                                                                • Part of subcall function 6F8369D0: SelectObject.GDI32(00000000,?), ref: 6F836AA3
                                                                • Part of subcall function 6F8369D0: DrawTextW.USER32(00000000,?,00000064,?,00000400), ref: 6F836AB7
                                                                • Part of subcall function 6F8369D0: DeleteDC.GDI32(00000000), ref: 6F836AC2
                                                                • Part of subcall function 6F8369D0: ReleaseDC.USER32(00000000,00000000), ref: 6F836ACB
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Window$CreateObject$Delete$ReleaseSelect$CaretCompatibleMessageRectSendShowText$BitmapBrushCapsDeviceDrawFillFocusFontSolid
                                                              • String ID:
                                                              • API String ID: 2656210951-0
                                                              APIs
                                                              • UnregisterClassW.USER32(?), ref: 6CF21313
                                                              • DeleteCriticalSection.KERNEL32(6CF538E0), ref: 6CF21356
                                                              • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 6CF21375
                                                              • HeapAlloc.KERNEL32(?,00000000,?), ref: 6CF2138B
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AllocClassCriticalDeleteExceptionHeapRaiseSectionUnregister
                                                              • String ID:
                                                              • API String ID: 47944152-0
                                                              APIs
                                                              • DeleteObject.GDI32(?), ref: 00F907C1
                                                              • DeleteObject.GDI32(?), ref: 00F907D6
                                                              • DeleteObject.GDI32(?), ref: 00F907EB
                                                              • DeleteObject.GDI32(?), ref: 00F90800
                                                                • Part of subcall function 00FA17C1: GetProcessHeap.KERNEL32(00000000,?,?,?,00F9081C,?), ref: 00FA1804
                                                                • Part of subcall function 00FA17C1: HeapFree.KERNEL32(00000000,?,?,00F9081C,?), ref: 00FA180B
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: DeleteObject$Heap$FreeProcess
                                                              • String ID:
                                                              • API String ID: 830101055-0
                                                              APIs
                                                              • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 6F83186F
                                                              • VerSetConditionMask.KERNEL32(00000000), ref: 6F831873
                                                              • VerSetConditionMask.KERNEL32(00000000), ref: 6F831877
                                                              • VerifyVersionInfoW.KERNEL32 ref: 6F83189B
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ConditionMask$InfoVerifyVersion
                                                              • String ID:
                                                              • API String ID: 2793162063-0
                                                              APIs
                                                              • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 6F81161B
                                                              • VerSetConditionMask.KERNEL32(00000000), ref: 6F81161F
                                                              • VerSetConditionMask.KERNEL32(00000000), ref: 6F811623
                                                              • VerifyVersionInfoW.KERNEL32(00000023), ref: 6F811648
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ConditionMask$InfoVerifyVersion
                                                              • String ID:
                                                              • API String ID: 2793162063-0
                                                              APIs
                                                              • CreateSolidBrush.GDI32(?), ref: 6F844CB7
                                                              • FillRect.USER32(?,00000000,00000000), ref: 6F844CE6
                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 6F844D0D
                                                              • DeleteObject.GDI32(00000000), ref: 6F844D18
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: BrushCreateDeleteFillObjectRectSolid
                                                              • String ID:
                                                              • API String ID: 2123768370-0
                                                              APIs
                                                              • GetCursorPos.USER32(?), ref: 6F83C08E
                                                              • ScreenToClient.USER32(?,00000000), ref: 6F83C09B
                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 6F83C0BD
                                                              • SetCursor.USER32(00000000), ref: 6F83C0C4
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Cursor$ClientLoadScreen
                                                              • String ID:
                                                              • API String ID: 120721131-0
                                                              APIs
                                                              • DeleteObject.GDI32 ref: 6F840F38
                                                              • FreeLibrary.KERNEL32(?,?,6EB740BD,?,?,?,6F85A176,000000FF), ref: 6F840F5D
                                                              • FreeLibrary.KERNEL32(00000000,?,6EB740BD,?,?,?,6F85A176,000000FF), ref: 6F840F89
                                                              • FreeLibrary.KERNEL32(00000000,?,6EB740BD,?,?,?,6F85A176,000000FF), ref: 6F840F9A
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FreeLibrary$DeleteObject
                                                              • String ID:
                                                              • API String ID: 381457287-0
                                                              APIs
                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 6F849219
                                                              • GetCurrentThreadId.KERNEL32 ref: 6F849228
                                                              • GetCurrentProcessId.KERNEL32 ref: 6F849231
                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 6F84923E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                              • String ID:
                                                              • API String ID: 2933794660-0
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,6F811703,00000000,00000000,?,6F81768A,6F811703,00000000,00000000,00000000,?,6F817887,00000006,FlsSetValue), ref: 6F817715
                                                              • GetLastError.KERNEL32(?,6F81768A,6F811703,00000000,00000000,00000000,?,6F817887,00000006,FlsSetValue,6F81F7B8,6F81F7C0,00000000,00000364,?,6F8170F0), ref: 6F817721
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6F81768A,6F811703,00000000,00000000,00000000,?,6F817887,00000006,FlsSetValue,6F81F7B8,6F81F7C0,00000000), ref: 6F81772F
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: LibraryLoad$ErrorLast
                                                              • String ID:
                                                              • API String ID: 3177248105-0
                                                              • Opcode ID: 8242361670e124f095ea8a50b397e7b9246729cf93d8d5552e14e2b4a103a4a8
                                                              • Instruction ID: fd0dfe4ab8c37e53871d0a535152cf05b8983ba29b7624d7737da5f4c473fa42
                                                              • Opcode Fuzzy Hash: 8242361670e124f095ea8a50b397e7b9246729cf93d8d5552e14e2b4a103a4a8
                                                              • Instruction Fuzzy Hash: 7801B5322496279BCB15CA78CC8595A7798AF06770B104FA5FD1ADB140D720E418C7F0
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,6F850770,?,00000000,00000000,00000000,?,6F85096D,00000006,FlsSetValue), ref: 6F8507FB
                                                              • GetLastError.KERNEL32(?,6F850770,?,00000000,00000000,00000000,?,6F85096D,00000006,FlsSetValue,6F85CD50,6F85CD58,00000000,00000364,?,6F84F43B), ref: 6F850807
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6F850770,?,00000000,00000000,00000000,?,6F85096D,00000006,FlsSetValue,6F85CD50,6F85CD58,00000000), ref: 6F850815
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: LibraryLoad$ErrorLast
                                                              • String ID:
                                                              • API String ID: 3177248105-0
                                                              • Opcode ID: f464f09f1900704de1cfc5a99d8d5b4116cf1f53b9e59a6df52a66a0ab7d2770
                                                              • Instruction ID: 5e55ccf2eb86264fb2324ca2cbed6d83d6bf85c2533ce331f76d1dff0732b667
                                                              • Opcode Fuzzy Hash: f464f09f1900704de1cfc5a99d8d5b4116cf1f53b9e59a6df52a66a0ab7d2770
                                                              • Instruction Fuzzy Hash: A9017B32741627ABCFD04A788C44E967758BF07BB9B101AA0F905DF140DB20F430C6E0
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000001,00000000,00000000,?,6CF3BD6B,00000001,00000000,00000000,00000000,?,6CF3BF68,00000006,FlsSetValue), ref: 6CF3BDF6
                                                              • GetLastError.KERNEL32(?,6CF3BD6B,00000001,00000000,00000000,00000000,?,6CF3BF68,00000006,FlsSetValue,6CF48CD8,6CF48CE0,00000000,00000364,?,6CF3AC50), ref: 6CF3BE02
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6CF3BD6B,00000001,00000000,00000000,00000000,?,6CF3BF68,00000006,FlsSetValue,6CF48CD8,6CF48CE0,00000000), ref: 6CF3BE10
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: LibraryLoad$ErrorLast
                                                              • String ID:
                                                              • API String ID: 3177248105-0
                                                              • Opcode ID: 832847d2f480df02604e78df9e54dfc994503223678e3d2e381d69656f980086
                                                              • Instruction ID: 6ca033fd946ba5e1645f37790d77bf922c473d54e077c37224936345c0fb4271
                                                              • Opcode Fuzzy Hash: 832847d2f480df02604e78df9e54dfc994503223678e3d2e381d69656f980086
                                                              • Instruction Fuzzy Hash: 4C014C32B51732BBCB115A2D8C54BD73778AF127A9B205A20FA0DD76C1D720D440C7D0
                                                              APIs
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00FCC2D8,00000000,00000000,?,00FAE147,00FCC2D8,00000000,00000000,00000000,?,00FAE344,00000006,FlsSetValue), ref: 00FAE1D2
                                                              • GetLastError.KERNEL32(?,00FAE147,00FCC2D8,00000000,00000000,00000000,?,00FAE344,00000006,FlsSetValue,00FBCFC8,00FBCFD0,00000000,00000364,?,00FAD04D), ref: 00FAE1DE
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00FAE147,00FCC2D8,00000000,00000000,00000000,?,00FAE344,00000006,FlsSetValue,00FBCFC8,00FBCFD0,00000000), ref: 00FAE1EC
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: LibraryLoad$ErrorLast
                                                              • String ID:
                                                              • API String ID: 3177248105-0
                                                              • Opcode ID: f48d74f648fe528d3f32ba0ded818b9779accd202037b6a3c1fc87c0ff844f0c
                                                              • Instruction ID: a60d660b34c2e2d75c766d02ad584c2e12cec41425ef87a322b06431642d34d8
                                                              • Opcode Fuzzy Hash: f48d74f648fe528d3f32ba0ded818b9779accd202037b6a3c1fc87c0ff844f0c
                                                              • Instruction Fuzzy Hash: 4A018872B912369BC7315A789C84B56779C9F467B1B210625E915D7140D730DD00AAE0
                                                              APIs
                                                              • GetCurrentThreadId.KERNEL32 ref: 00F9368D
                                                              • EnterCriticalSection.KERNEL32(00FCC684,?,00F93F03), ref: 00F9369B
                                                              • LeaveCriticalSection.KERNEL32(00FCC684,?,00F93F03), ref: 00F936B4
                                                              • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000,?,00F93F03), ref: 00F936C7
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$CurrentEnterExceptionLeaveRaiseThread
                                                              • String ID:
                                                              • API String ID: 2662421713-0
                                                              • Opcode ID: ee6a1da703bf764b8be07b3d1e75f15e8988105a8f8562c0fefae4eced6eab66
                                                              • Instruction ID: b1ae9e2ca8c11b6d27ff89de29f5f37e037897368e2f7d97b17795f47377b205
                                                              • Opcode Fuzzy Hash: ee6a1da703bf764b8be07b3d1e75f15e8988105a8f8562c0fefae4eced6eab66
                                                              • Instruction Fuzzy Hash: D811C4B4A003199FEB249F68D945BA537F5EB04714F00451DF9098B790C774E984EFC2
                                                              APIs
                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 6F813B86
                                                                • Part of subcall function 6F8141BE: ___AdjustPointer.LIBCMT ref: 6F814208
                                                              • _UnwindNestedFrames.LIBCMT ref: 6F813B9D
                                                              • ___FrameUnwindToState.LIBVCRUNTIME ref: 6F813BAF
                                                              • CallCatchBlock.LIBVCRUNTIME ref: 6F813BD3
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                              • String ID:
                                                              • API String ID: 2633735394-0
                                                              • Opcode ID: 87de9ef75e81187a39280c8bd1b178686d7cacff71f5dd9366bb9f055f656ab8
                                                              • Instruction ID: 65d989931b51bd24dfcaec6912c9d2898cfd2660c8353434234ae4c85c91fef6
                                                              • Opcode Fuzzy Hash: 87de9ef75e81187a39280c8bd1b178686d7cacff71f5dd9366bb9f055f656ab8
                                                              • Instruction Fuzzy Hash: 8C014C3200420ABBDF129F59CC05EDA7BBAFF49718F004A55F95869160D332E861DBA0
                                                              APIs
                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 6F849B95
                                                                • Part of subcall function 6F84A1CD: ___AdjustPointer.LIBCMT ref: 6F84A217
                                                              • _UnwindNestedFrames.LIBCMT ref: 6F849BAC
                                                              • ___FrameUnwindToState.LIBVCRUNTIME ref: 6F849BBE
                                                              • CallCatchBlock.LIBVCRUNTIME ref: 6F849BE2
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                              • String ID:
                                                              • API String ID: 2633735394-0
                                                              • Opcode ID: 3db296f4c47c39b08585289f2f0abea634ef215d74277ba0d6dc3823dbe185fe
                                                              • Instruction ID: 4c9a16530b0c924239e6816e1f634d55bf4abe4ad042ecdd3b09240004433acd
                                                              • Opcode Fuzzy Hash: 3db296f4c47c39b08585289f2f0abea634ef215d74277ba0d6dc3823dbe185fe
                                                              • Instruction Fuzzy Hash: C701D73200020DBBDF125F59DD00EDA7BBAEF89758F014955F91869160D732E461EBA0
                                                              APIs
                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 6CF33146
                                                                • Part of subcall function 6CF3377E: ___AdjustPointer.LIBCMT ref: 6CF337C8
                                                              • _UnwindNestedFrames.LIBCMT ref: 6CF3315D
                                                              • ___FrameUnwindToState.LIBVCRUNTIME ref: 6CF3316F
                                                              • CallCatchBlock.LIBVCRUNTIME ref: 6CF33193
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                              • String ID:
                                                              • API String ID: 2633735394-0
                                                              • Opcode ID: e9927df4a9ec735a09e8fbc672dd23e5fff782aa833581b7638476c1d9265e4c
                                                              • Instruction ID: 97fb87108fca460907f061a44ee6afd95d9433309c7a1f02d573c7a7b0d8737a
                                                              • Opcode Fuzzy Hash: e9927df4a9ec735a09e8fbc672dd23e5fff782aa833581b7638476c1d9265e4c
                                                              • Instruction Fuzzy Hash: EE010232400118BBDF029F95CC04EDA3BBAAF49758F129014FA1C66A20C372E46A9BE0
                                                              APIs
                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 00FA20B8
                                                                • Part of subcall function 00FA26F0: ___AdjustPointer.LIBCMT ref: 00FA273A
                                                              • _UnwindNestedFrames.LIBCMT ref: 00FA20CF
                                                              • ___FrameUnwindToState.LIBVCRUNTIME ref: 00FA20E1
                                                              • CallCatchBlock.LIBVCRUNTIME ref: 00FA2105
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                              • String ID:
                                                              • API String ID: 2633735394-0
                                                              • Opcode ID: c4fbbb538420d413e9eea3999cecffbc4ce91733dc3e6296498a0d82b4e266f4
                                                              • Instruction ID: 903a812ea7b50accfc28994b5eef9a56abbd4727b3e9663f9196c36b7e15d97f
                                                              • Opcode Fuzzy Hash: c4fbbb538420d413e9eea3999cecffbc4ce91733dc3e6296498a0d82b4e266f4
                                                              • Instruction Fuzzy Hash: FA0125B2500109BBCF626F59CC45EDA3BBAFF4A724F158115F91862121C336E961EBA0
                                                              APIs
                                                              • GetWindowRect.USER32(?,?), ref: 6F8447EB
                                                              • ScreenToClient.USER32(?,?), ref: 6F8447FB
                                                              • ScreenToClient.USER32(?,?), ref: 6F84480C
                                                              • BitBlt.GDI32(?,00000000,00000000,?,00CC0020,00000000,?,?,00CC0020), ref: 6F844838
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ClientScreen$RectWindow
                                                              • String ID:
                                                              • API String ID: 3716460499-0
                                                              • Opcode ID: f06c0eb9d51fddc9cb90a0ba4c9364d54e9fa365e0cb7477d72594204d8ba1c1
                                                              • Instruction ID: d82c747ae530345172f3da9a5b6fac3d7a227ae566e19917ac07f6ea80145d76
                                                              • Opcode Fuzzy Hash: f06c0eb9d51fddc9cb90a0ba4c9364d54e9fa365e0cb7477d72594204d8ba1c1
                                                              • Instruction Fuzzy Hash: BC012972900609EFCF119F95CD05EAFFBB9FF09710F1048AAE946A2560D731B924DB90
                                                              APIs
                                                              • GetDC.USER32(00000000), ref: 6F83880F
                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 6F83881E
                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 6F83882A
                                                              • ReleaseDC.USER32(00000000,00000000), ref: 6F838836
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CapsDevice$Release
                                                              • String ID:
                                                              • API String ID: 1035833867-0
                                                              • Opcode ID: b4c8de880fcb2a6afc6fe7ab367f6d2d3b057c69d1ee23cf856227adf7b09347
                                                              • Instruction ID: 6f7c8e36c1cd75e44be704ee1eef457912e36e96134c7ffa40f70969a36a80d7
                                                              • Opcode Fuzzy Hash: b4c8de880fcb2a6afc6fe7ab367f6d2d3b057c69d1ee23cf856227adf7b09347
                                                              • Instruction Fuzzy Hash: E001D672A04B05FFDF001FA1DA48759BF78EB12351F2001D1E51967181D7B55870DBD0
                                                              APIs
                                                              • GetCursorPos.USER32(?), ref: 00F9E6AC
                                                              • SetForegroundWindow.USER32(?), ref: 00F9E6B5
                                                                • Part of subcall function 00F9F750: MonitorFromPoint.USER32(00000000,?,00000000), ref: 00F9F76A
                                                                • Part of subcall function 00F9F750: MonitorFromPoint.USER32(00000000,?,00000002), ref: 00F9F778
                                                                • Part of subcall function 00F9F750: GetMonitorInfoW.USER32(00000000,00000028), ref: 00F9F7AB
                                                              • TrackPopupMenu.USER32(?,00000008,00000000,?,00000000,?,00000000), ref: 00F9E6D9
                                                              • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00F9E6E8
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Monitor$FromPoint$CursorForegroundInfoMenuMessagePopupPostTrackWindow
                                                              • String ID:
                                                              • API String ID: 4109650675-0
                                                              • Opcode ID: 20051c29b3623811873e2a0cfffb8226720ae761aabac8603bdef406bfe1480a
                                                              • Instruction ID: 6e6dc10adcf931ea297ac6dc31dbd01300db3fbbe4bccfc81a80021ef586e6e5
                                                              • Opcode Fuzzy Hash: 20051c29b3623811873e2a0cfffb8226720ae761aabac8603bdef406bfe1480a
                                                              • Instruction Fuzzy Hash: 6E018671200304ABD7109F14DC89F46BBA8FB85710F144555F9549B2E1C7B2A814DB66
                                                              APIs
                                                              • GdipCreatePen1.GDIPLUS(FFFF0000,00000000,00000000,00000018,?,00000000,6F83A078,?,6F837A5C), ref: 6F8371D1
                                                              • GdipSetPenStartCap.GDIPLUS(00000018,00000002,?,00000000,6F83A078,?,6F837A5C), ref: 6F8371DE
                                                              • GdipSetPenEndCap.GDIPLUS(00000018,00000002,?,00000000,6F83A078,?,6F837A5C), ref: 6F8371EF
                                                              • GdipSetPenLineJoin.GDIPLUS(00000018,00000002,?,00000000,6F83A078,?,6F837A5C), ref: 6F837200
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Gdip$CreateJoinLinePen1Start
                                                              • String ID:
                                                              • API String ID: 1095957842-0
                                                              • Opcode ID: 64d802a8f9f759a2293bfa07741b8e1fce82861fb3c4c84f445f112ebd7d1102
                                                              • Instruction ID: a56804e86d192ae6266130fc45b93e41011abdd9c5309bdc22d0ecb3dabe3d32
                                                              • Opcode Fuzzy Hash: 64d802a8f9f759a2293bfa07741b8e1fce82861fb3c4c84f445f112ebd7d1102
                                                              • Instruction Fuzzy Hash: 7E012875605A02EFEB205F65CC08B66BFF4FF01710F10896EE1959A690D7B6A464CF90
                                                              APIs
                                                              • GetCurrentThreadId.KERNEL32 ref: 6F835D05
                                                              • EnterCriticalSection.KERNEL32(6F86A5A4,?,?,6F836DA8,00000008,00000000,?,00000000,00000000,00000002,?,?,6F836986,00000002,00000000,00000000), ref: 6F835D13
                                                              • LeaveCriticalSection.KERNEL32(6F86A5A4,?,?,6F836DA8,00000008,00000000,?,00000000,00000000,00000002,?,?,6F836986,00000002,00000000,00000000), ref: 6F835D2C
                                                              • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000,00000000,?,?,6F836DA8,00000008,00000000,?,00000000,00000000,00000002,?), ref: 6F835D43
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$CurrentEnterExceptionLeaveRaiseThread
                                                              • String ID:
                                                              • API String ID: 2662421713-0
                                                              • Opcode ID: 1a4979c5bf194ff6cf06facc87cea2befa6f6764baac021a0803074b39de86c7
                                                              • Instruction ID: 646ef1246cd11ed0e586a10a57aa8ef6ce2afc49c3a1f6b6f9384e83e2c8d1b8
                                                              • Opcode Fuzzy Hash: 1a4979c5bf194ff6cf06facc87cea2befa6f6764baac021a0803074b39de86c7
                                                              • Instruction Fuzzy Hash: 59F03A31640B24ABEF509FA4880CB5577A8FB16721F00889AFA009B240DA74E420CF94
                                                              APIs
                                                              • GetCurrentThreadId.KERNEL32 ref: 00F935B5
                                                              • EnterCriticalSection.KERNEL32(00FCC684), ref: 00F935C3
                                                              • LeaveCriticalSection.KERNEL32(00FCC684), ref: 00F935DC
                                                              • RaiseException.KERNEL32(C0000005,00000001,00000000,00000000), ref: 00F935F3
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$CurrentEnterExceptionLeaveRaiseThread
                                                              • String ID:
                                                              • API String ID: 2662421713-0
                                                              • Opcode ID: e5cecf139b4e0ad9830feab7a95d292ce1ae07ca97b8a4b7922a42c9575d5d36
                                                              • Instruction ID: aa53fa0e6fb449282201a66c64a545ae04583c2f0fbfb624bbecf6be638909e7
                                                              • Opcode Fuzzy Hash: e5cecf139b4e0ad9830feab7a95d292ce1ae07ca97b8a4b7922a42c9575d5d36
                                                              • Instruction Fuzzy Hash: 03F05E71A40309BBEB209F64EE4AF5577A8EB04B15F05810AF9089B650D671E800FF81
                                                              APIs
                                                              • WaitForSingleObject.KERNEL32(?,000007D0,?,6CF28EE3), ref: 6CF2A440
                                                              • TerminateThread.KERNEL32(?,00000000,?,6CF28EE3), ref: 6CF2A452
                                                              • CloseHandle.KERNEL32(?,?,6CF28EE3), ref: 6CF2A45B
                                                              • PostMessageW.USER32(?,00000012,00000000,00000000), ref: 6CF2A477
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CloseHandleMessageObjectPostSingleTerminateThreadWait
                                                              • String ID:
                                                              • API String ID: 2369523621-0
                                                              • Opcode ID: e644dc652ef25dd4ddd94b79cdb9394cce9bfc998a88525d5e09b07dfc0674b2
                                                              • Instruction ID: 498a6d86f08a85673497836914f58ef0a9d27ed9fc980c5af4d887ae94f29a46
                                                              • Opcode Fuzzy Hash: e644dc652ef25dd4ddd94b79cdb9394cce9bfc998a88525d5e09b07dfc0674b2
                                                              • Instruction Fuzzy Hash: E9F03030754710EBEB706B60CD0DB4277F5AF18F19F118819F256E58E2C7B9E440DA10
                                                              APIs
                                                              • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 6F814BE6
                                                              • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 6F814BEB
                                                              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 6F814BF0
                                                                • Part of subcall function 6F81548E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 6F81549F
                                                              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 6F814C05
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              • Associated: 00000008.00000002.2986821018.000000006F810000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986912049.000000006F81E000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986953436.000000006F825000.00000004.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2986980772.000000006F827000.00000002.00000001.01000000.0000000D.sdmp
                                                              • Associated: 00000008.00000002.2987021151.000000006F829000.00000002.00000001.01000000.0000000D.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                              • String ID:
                                                              • API String ID: 1761009282-0
                                                              • Opcode ID: 90490ef97a60f0f612d3ad01f83ad62f9cce046cf6c59c8b0ac915c30661da00
                                                              • Instruction ID: 9c993e923b14d869e6692a721bde5fe1ed492d2fa62dbb48dce63e7017d22cea
                                                              • Opcode Fuzzy Hash: 90490ef97a60f0f612d3ad01f83ad62f9cce046cf6c59c8b0ac915c30661da00
                                                              • Instruction Fuzzy Hash: 78C04CB804C343771D64EAFD261039D17507CC37CEB941FC2C9841F5D29B65106A1032
                                                              APIs
                                                              • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 6F84AFA6
                                                              • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 6F84AFAB
                                                              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 6F84AFB0
                                                                • Part of subcall function 6F84B76E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 6F84B77F
                                                              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 6F84AFC5
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                              • String ID:
                                                              • API String ID: 1761009282-0
                                                              • Opcode ID: 428ab7516cdf7b751b4b6ab73c00114e9b01974681231da1f5f5166651c04654
                                                              • Instruction ID: 49bb62e478489c04b902d2787490b941cabc501517d6edc02b123afd2fc8c11b
                                                              • Opcode Fuzzy Hash: 428ab7516cdf7b751b4b6ab73c00114e9b01974681231da1f5f5166651c04654
                                                              • Instruction Fuzzy Hash: 9AC048B400830DB11C442FBE2B0128EA3342C667AEB811CE5C8741F6E3AB0A600F153A
                                                              APIs
                                                              • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 6CF342DE
                                                              • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 6CF342E3
                                                              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 6CF342E8
                                                                • Part of subcall function 6CF34C59: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 6CF34C6A
                                                              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 6CF342FD
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                              • String ID:
                                                              • API String ID: 1761009282-0
                                                              • Opcode ID: a8d5268d81452ca381c57f3a580ef041c65a5cd597689dfdc9b8093b55817bfb
                                                              • Instruction ID: c8fc6007e68a28c45c2d819faf3c54f6cd7c5b505a0fc34d91b02906be9d4172
                                                              • Opcode Fuzzy Hash: a8d5268d81452ca381c57f3a580ef041c65a5cd597689dfdc9b8093b55817bfb
                                                              • Instruction Fuzzy Hash: E5C04C07048136B51C4026B615106DD3F141EE36CCBC435C0D8AD7FF428B07C40E64FA
                                                              APIs
                                                              • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00FA3258
                                                              • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00FA325D
                                                              • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00FA3262
                                                                • Part of subcall function 00FA3B59: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00FA3B6A
                                                              • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00FA3277
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                              • String ID:
                                                              • API String ID: 1761009282-0
                                                              • Opcode ID: 1a83bb9f5762b61d54f67c7765be48e0e3d55b63ac4cc53bb504c93116aea103
                                                              • Instruction ID: 56986142b04a4bad5e0ed5d40e836920a71333453515a547a83368aac8c34e5b
                                                              • Opcode Fuzzy Hash: 1a83bb9f5762b61d54f67c7765be48e0e3d55b63ac4cc53bb504c93116aea103
                                                              • Instruction Fuzzy Hash: D3C001C884862268EC107AB62E163AD33966CA3BD4FA01081F8822B8078A1E570A7032
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #Hw/
                                                              • API String ID: 0-1770964375
                                                              • Opcode ID: 21fd1d3ff3993d93f8032e6f53e0195d3d5f0dbb0e73aebbd0b4cd4a2b13d8e3
                                                              • Instruction ID: a11e713d0094a20f9fb4cb7c0dcfc943e74192b8b02a10ebbfec24bc8a334bb6
                                                              • Opcode Fuzzy Hash: 21fd1d3ff3993d93f8032e6f53e0195d3d5f0dbb0e73aebbd0b4cd4a2b13d8e3
                                                              • Instruction Fuzzy Hash: 1D616CB1900340DFDB14DF29C884AA6BBF4FF46314F20466DE8558B352E375EA46DB91
                                                              APIs
                                                                • Part of subcall function 6F8315F0: GetProcessHeap.KERNEL32(?), ref: 6F831623
                                                                • Part of subcall function 6F8315F0: __Init_thread_footer.LIBCMT ref: 6F83164E
                                                                • Part of subcall function 6F8315F0: __Init_thread_footer.LIBCMT ref: 6F83168F
                                                              • GetTempPathW.KERNEL32(00000105,00000010), ref: 6F834BF9
                                                              • GetTempFileNameW.KERNEL32(00000010,lgt,00000000,00000010), ref: 6F834C83
                                                                • Part of subcall function 6F8311A0: __CxxThrowException@8.LIBVCRUNTIME ref: 6F8311B2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              • Associated: 00000008.00000002.2987071943.000000006F830000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987158647.000000006F85B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987205471.000000006F868000.00000004.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987245701.000000006F86B000.00000002.00000001.01000000.0000000A.sdmp
                                                              • Associated: 00000008.00000002.2987301181.000000006F86D000.00000002.00000001.01000000.0000000A.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Init_thread_footerTemp$Exception@8FileHeapNamePathProcessThrow
                                                              • String ID: lgt
                                                              • API String ID: 1596947121-3277366035
                                                              • Opcode ID: 8745486905fa8457b37695e7d6735d97fa6ccbe0c2b534ad216bdfcb65132a17
                                                              • Instruction ID: 19e777e3461239356735bd4049c8e5be857cf20603efb56c58775afcb8d9079a
                                                              • Opcode Fuzzy Hash: 8745486905fa8457b37695e7d6735d97fa6ccbe0c2b534ad216bdfcb65132a17
                                                              • Instruction Fuzzy Hash: D551C372E006159BEB14CFADC844B5EBBA4FF81325F104AA9E815DF2E0DB75A911CB90
                                                              APIs
                                                                • Part of subcall function 00FAEDBC: GetOEMCP.KERNEL32(00000000), ref: 00FAEDE7
                                                              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00FAF08A,?,00000000), ref: 00FAF25D
                                                              • GetCPInfo.KERNEL32(00000000,00FAF08A,?,?,?,00FAF08A,?,00000000), ref: 00FAF270
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CodeInfoPageValid
                                                              • String ID: #Hw/
                                                              • API String ID: 546120528-1770964375
                                                              APIs
                                                              • InternetQueryOptionW.WININET(00000000,0000004B,?,00000014), ref: 00F897AA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: InternetOptionQuery
                                                              • String ID: #Hw/$http=
                                                              • API String ID: 2202126096-794388568
                                                              APIs
                                                              • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,00000000,?,80000001,00000000), ref: 00F8CA34
                                                              • RegCloseKey.ADVAPI32(?,80000001,00000000), ref: 00F8CA48
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CloseValue
                                                              • String ID: #Hw/
                                                              • API String ID: 3132538880-1770964375
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _wcsstr
                                                              • String ID: =[[
                                                              • API String ID: 1512112989-1980015410
                                                              APIs
                                                              • FindWindowW.USER32(00000000,Lightshot_Tray_Wnd), ref: 6F8332F1
                                                              • SendMessageW.USER32(00000000,0000004A,?,00000001), ref: 6F8333FE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FindMessageSendWindow
                                                              • String ID: Lightshot_Tray_Wnd
                                                              • API String ID: 1741975844-121155821
                                                              APIs
                                                              • FindWindowW.USER32(00000000,Lightshot_Tray_Wnd), ref: 6CF24511
                                                              • SendMessageW.USER32(00000000,0000004A,?,00000001), ref: 6CF2461E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FindMessageSendWindow
                                                              • String ID: Lightshot_Tray_Wnd
                                                              • API String ID: 1741975844-121155821
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: __alloca_probe_16__freea
                                                              • String ID: #Hw/
                                                              • API String ID: 1635606685-1770964375
                                                              APIs
                                                              • InternetQueryOptionW.WININET(00000000,0000004B,?,00000014), ref: 00F897AA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: InternetOptionQuery
                                                              • String ID: #Hw/$http=
                                                              • API String ID: 2202126096-794388568
                                                              APIs
                                                              • CreateDIBSection.GDI32(00000000,00000028,00000000,?,00000000,00000000), ref: 6F8415BE
                                                              • DeleteObject.GDI32(00000000), ref: 6F841684
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CreateDeleteObjectSection
                                                              • String ID: (
                                                              • API String ID: 2173382960-3887548279
                                                              APIs
                                                                • Part of subcall function 00F99250: CoTaskMemAlloc.OLE32(00000000,77E44823,00000000,00000000), ref: 00F992D9
                                                                • Part of subcall function 00F99250: CharNextW.USER32(?,00000000), ref: 00F99359
                                                                • Part of subcall function 00F99250: CharNextW.USER32(00000000,?,00000000), ref: 00F9935E
                                                                • Part of subcall function 00F99250: CharNextW.USER32(00000000,?,00000000), ref: 00F99363
                                                                • Part of subcall function 00F99250: CharNextW.USER32(00000000,?,00000000), ref: 00F99368
                                                              • lstrcmpiW.KERNEL32(?,00FC1C24,?,00000000,00000000,00000000,00000000), ref: 00F9960D
                                                              • CoTaskMemFree.OLE32(00000000,00000000,00000000,00000000), ref: 00F9962C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CharNext$Task$AllocFreelstrcmpi
                                                              • String ID: #Hw/
                                                              • API String ID: 2690960928-1770964375
                                                              APIs
                                                              • GdipGetImageEncodersSize.GDIPLUS(00000000,6F860DB0,?,6F832CEF), ref: 6F8329D2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: EncodersGdipImageSize
                                                              • String ID: 0vRs
                                                              • API String ID: 3162775594-3230805007
                                                              APIs
                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,00FB38AF,?,00000000,?,00000000,00000000), ref: 00FB351C
                                                              • GetLastError.KERNEL32(?,00FB38AF,?,00000000,?,00000000,00000000,?,00000000), ref: 00FB3545
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorFileLastWrite
                                                              • String ID: #Hw/
                                                              • API String ID: 442123175-1770964375
                                                              APIs
                                                              • lstrlenW.KERNEL32(00F90BA1,?,?,00F90BA1,00000000), ref: 00F911E6
                                                              • SetWindowTextW.USER32(?,00F90BA1), ref: 00F9126D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: TextWindowlstrlen
                                                              • String ID: #Hw/
                                                              • API String ID: 1217687160-1770964375
                                                              APIs
                                                                • Part of subcall function 00F86C60: GetProcessHeap.KERNEL32 ref: 00F86C8C
                                                              • RegisterWindowMessageA.USER32(TaskbarCreated,?,?,00000000,00000000,00FB93D1,000000FF,?,00F9D341,00000000,77E44823), ref: 00F9F9EA
                                                                • Part of subcall function 00F87000: __CxxThrowException@8.LIBVCRUNTIME ref: 00F86FD2
                                                                • Part of subcall function 00F87000: GetLastError.KERNEL32(?,00FC8114), ref: 00F86FE0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorException@8HeapLastMessageProcessRegisterThrowWindow
                                                              • String ID: #Hw/$TaskbarCreated
                                                              • API String ID: 499145442-2967515788
                                                              APIs
                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,00FB38CF,?,00000000,?,00000000,00000000), ref: 00FB342E
                                                              • GetLastError.KERNEL32(?,00FB38CF,?,00000000,?,00000000,00000000,?,00000000), ref: 00FB3457
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ErrorFileLastWrite
                                                              • String ID: #Hw/
                                                              • API String ID: 442123175-1770964375
                                                              APIs
                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00FAE164
                                                              • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FAE171
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: AddressProc__crt_fast_encode_pointer
                                                              • String ID: #Hw/
                                                              • API String ID: 2279764990-1770964375
                                                              APIs
                                                              • __Init_thread_footer.LIBCMT ref: 6CF2BED7
                                                              • lstrcmpiW.KERNEL32(?,?,00000000,6CF2C8E6,?,?,?,00000000,75BFA7D0,?,6CF2C8E6,?,00000001,C3D2D3B7,00000000,00000000), ref: 6CF2BEF8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Init_thread_footerlstrcmpi
                                                              • String ID: jV
                                                              • API String ID: 2025936031-4180403056
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00FA05C3
                                                              • ___raise_securityfailure.LIBCMT ref: 00FA06AA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: FeaturePresentProcessor___raise_securityfailure
                                                              • String ID: #Hw/
                                                              • API String ID: 3761405300-1770964375
                                                              APIs
                                                                • Part of subcall function 00F90560: GetDC.USER32(00000000), ref: 00F90609
                                                                • Part of subcall function 00F90560: GetDeviceCaps.GDI32(00000000,00000058), ref: 00F9061E
                                                                • Part of subcall function 00F90560: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F90623
                                                                • Part of subcall function 00F90560: ReleaseDC.USER32(00000000,00000000), ref: 00F9062D
                                                                • Part of subcall function 00F90560: MulDiv.KERNEL32(00000010,00000060,00000060), ref: 00F9063E
                                                                • Part of subcall function 00F90560: CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Calibri), ref: 00F90667
                                                                • Part of subcall function 00F90560: MulDiv.KERNEL32(00000012,00000000,00000060), ref: 00F90673
                                                                • Part of subcall function 00F90560: CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Calibri), ref: 00F90696
                                                                • Part of subcall function 00F90560: MulDiv.KERNEL32(00000024,00000000,00000060), ref: 00F906A2
                                                              • DialogBoxParamW.USER32(00000068,?,00F9F7E0,00000000,?), ref: 00F9E78A
                                                                • Part of subcall function 00FA1717: GetProcessHeap.KERNEL32(00000008,00000008,?,00F92885,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA171C
                                                                • Part of subcall function 00FA1717: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00F9054E,00000000), ref: 00FA1723
                                                              • SetLastError.KERNEL32(0000000E), ref: 00F9E759
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CapsCreateDeviceFontHeap$AllocDialogErrorLastParamProcessRelease
                                                              • String ID: #Hw/
                                                              • API String ID: 1408992467-1770964375
                                                              APIs
                                                              • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,9AE85006,00000001,?,000000FF), ref: 00FAE49F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: String
                                                              • String ID: #Hw/$LCMapStringEx
                                                              • API String ID: 2568140703-3233806261
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _abort
                                                              • String ID: #Hw/$SystemFunction036
                                                              • API String ID: 1888311480-1571960334
                                                              APIs
                                                                • Part of subcall function 00FA04D2: EnterCriticalSection.KERNEL32(00FCB624,00FA0495,?,?,00F81271,00FCC2F4,77E44823,?,00FB64BC,000000FF,?,00F81D7D), ref: 00FA04D7
                                                                • Part of subcall function 00FA051F: LeaveCriticalSection.KERNEL32(00FCB624,00F81271,00FCC2F4,77E44823,?,00FB64BC,000000FF,?,00F81D7D), ref: 00FA0524
                                                              • SetEvent.KERNEL32(00000000,00F812C5,00FCC2F4,00FB94D0,false,00000005), ref: 00FA050C
                                                              • ResetEvent.KERNEL32 ref: 00FA0518
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CriticalEventSection$EnterLeaveReset
                                                              • String ID: #Hw/
                                                              • API String ID: 3553466030-1770964375
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              • Associated: 00000008.00000002.2984126174.0000000000F80000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984279872.0000000000FBA000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984337029.0000000000FCA000.00000004.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984410894.0000000000FCD000.00000002.00000001.01000000.00000009.sdmp
                                                              • Associated: 00000008.00000002.2984460441.0000000000FCF000.00000002.00000001.01000000.00000009.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: _abort
                                                              • String ID: #Hw$#Hw/
                                                              • API String ID: 1888311480-391555086
                                                              APIs
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00FADCF6), ref: 00FAE417
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CountCriticalInitializeSectionSpin
                                                              • String ID: #Hw/$InitializeCriticalSectionEx
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Free
                                                              • String ID: #Hw/$FlsFree
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Alloc
                                                              • String ID: #Hw/$FlsAlloc
                                                              APIs
                                                              • GetSystemTimeAsFileTime.KERNEL32(00000000,00FAA594), ref: 00FAE3B5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Time$FileSystem
                                                              • String ID: #Hw/$GetSystemTimePreciseAsFileTime
                                                              APIs
                                                                • Part of subcall function 6F8110F0: InitializeCriticalSectionAndSpinCount.KERNEL32(00000001,00000000,6F81251F,?,8007000E,?,?,?,6F8120CF,?,00000000,?,?,?), ref: 6F8110F3
                                                                • Part of subcall function 6F8110F0: GetLastError.KERNEL32(?,?,?,6F8120CF,?,00000000,?,?,?), ref: 6F8110FD
                                                              • IsDebuggerPresent.KERNEL32(?,8007000E,?,?,?,6F8120CF,?,00000000,?,?,?), ref: 6F812523
                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6F8120CF,?,00000000,?,?,?), ref: 6F812532
                                                              Strings
                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6F81252D
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986858706.000000006F811000.00000020.00000001.01000000.0000000D.sdmp, Offset: 6F810000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f810000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                              APIs
                                                                • Part of subcall function 6F831260: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,6F847C3A,?,?,?,6F8310C5), ref: 6F831263
                                                                • Part of subcall function 6F831260: GetLastError.KERNEL32(?,?,?,6F8310C5), ref: 6F83126D
                                                              • IsDebuggerPresent.KERNEL32(?,?,?,6F8310C5), ref: 6F847C3E
                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6F8310C5), ref: 6F847C4D
                                                              Strings
                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6F847C48
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                              APIs
                                                                • Part of subcall function 6CF21210: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,6CF3242F,?,?,?,6CF21195), ref: 6CF21213
                                                                • Part of subcall function 6CF21210: GetLastError.KERNEL32(?,?,?,6CF21195), ref: 6CF2121D
                                                              • IsDebuggerPresent.KERNEL32(?,?,?,6CF21195), ref: 6CF32433
                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6CF21195), ref: 6CF32442
                                                              Strings
                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6CF3243D
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                              APIs
                                                                • Part of subcall function 00F869C0: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,00FA13DF,?,?,?,00F8109B), ref: 00F869C3
                                                                • Part of subcall function 00F869C0: GetLastError.KERNEL32(?,?,?,00F8109B), ref: 00F869CD
                                                              • IsDebuggerPresent.KERNEL32(?,?,?,00F8109B), ref: 00FA13E3
                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00F8109B), ref: 00FA13F2
                                                              Strings
                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00FA13ED
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                              APIs
                                                              • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00FA0326
                                                                • Part of subcall function 00FA027E: std::exception::exception.LIBCONCRT ref: 00FA028B
                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 00FA0334
                                                                • Part of subcall function 00FA2F29: RaiseException.KERNEL32(?,?,00FA0319,00F812B1,00F812B1,00FCC2D8,?,?,?,?,?,00FA0319,00F812B1,00FC7B20,?,00F812B1), ref: 00FA2F88
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ExceptionException@8RaiseThrowstd::exception::exceptionstd::invalid_argument::invalid_argument
                                                              • String ID: Unknown exception
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000002,?,00000002), ref: 00F8E51D
                                                              • GetLastError.KERNEL32(?,00000002), ref: 00F8E52E
                                                              • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000000,00000000,00000000,?,00000002), ref: 00F8E548
                                                              • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000000,?,00000000,?,00000002), ref: 00F8E56F
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2984177868.0000000000F81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00F80000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_f80000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                              • String ID:
                                                              APIs
                                                              • GetProcessHeap.KERNEL32(00000008,00000008,00000000,6F842CEC,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F77
                                                              • HeapAlloc.KERNEL32(00000000,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847F7E
                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847FC3
                                                              • HeapFree.KERNEL32(00000000,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847FCA
                                                                • Part of subcall function 6F847E2F: GetProcessHeap.KERNEL32(00000000,0000000D,00000000,00000000,6F847FB9,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847E52
                                                                • Part of subcall function 6F847E2F: HeapAlloc.KERNEL32(00000000,?,?,00000000,6F85A4E8,000000FF,?,6F841CA8,?,6F8419E1), ref: 6F847E59
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2987109870.000000006F831000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6F830000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6f830000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Heap$Process$Alloc$Free
                                                              • String ID:
                                                              • API String ID: 1864747095-0
                                                              • Opcode ID: 62c00a16424323376539803ce115a6afb24e7a4b2a7496394bc2e0d3ebadc142
                                                              • Instruction ID: 1d28d9e999b1aaf8f8b1841be50ef3891b820a13cbad7404667854fae4c2a568
                                                              • Opcode Fuzzy Hash: 62c00a16424323376539803ce115a6afb24e7a4b2a7496394bc2e0d3ebadc142
                                                              • Instruction Fuzzy Hash: BAF0E972248B1A57DF9427BC690CA5F29659F91761B114DE8F541CF2C4EF24C41087E0
                                                              APIs
                                                              • GetProcessHeap.KERNEL32(00000008,00000008,00000000,6CF28D60,?,?,?,?,?,6CF28B92), ref: 6CF3276C
                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,6CF28B92), ref: 6CF32773
                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,6CF28B92), ref: 6CF327B8
                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,6CF28B92), ref: 6CF327BF
                                                                • Part of subcall function 6CF32624: GetProcessHeap.KERNEL32(00000000,0000000D,00000000,00000000,6CF327AE,?,?,?,?,?,?,6CF28B92), ref: 6CF32647
                                                                • Part of subcall function 6CF32624: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,6CF28B92), ref: 6CF3264E
                                                              Memory Dump Source
                                                              • Source File: 00000008.00000002.2986598720.000000006CF21000.00000020.00000001.01000000.00000014.sdmp, Offset: 6CF20000, based on PE: true
                                                              • Associated: 00000008.00000002.2986549040.000000006CF20000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986656310.000000006CF46000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986695313.000000006CF52000.00000004.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986744203.000000006CF54000.00000002.00000001.01000000.00000014.sdmp
                                                              • Associated: 00000008.00000002.2986780764.000000006CF56000.00000002.00000001.01000000.00000014.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_8_2_6cf20000_Lightshot.jbxd
                                                              Similarity
                                                              • API ID: Heap$Process$Alloc$Free
                                                              • String ID:
                                                              • API String ID: 1864747095-0
                                                              • Opcode ID: 9f3dbdd38caf502ffc8b3c1682641a5c8632e341fb76f4a4f84df626ca22762c
                                                              • Instruction ID: ece202f659b52b5622677d22a0de74547b4a77f9065ee166847efe0241922239
                                                              • Opcode Fuzzy Hash: 9f3dbdd38caf502ffc8b3c1682641a5c8632e341fb76f4a4f84df626ca22762c
                                                              • Instruction Fuzzy Hash: 9CF0B473A44B32B7CB5527BC680CA8B3975AFD1AA8712A118F55DC7647DF21C40087E0